• opc.three (4/22/2013)


    crmitchell (4/22/2013)


    Eric M Russell (4/18/2013)


    Dree Vasquez (4/18/2013)


    Hi All

    If you're a member of sysadmin, then you can grant or deny whatever privillages you know are really required. You can even edit and recompile the stored procedures too. Don't let some 3rd party tell you how to manage your database.

    As a counter to that you should remember that the code whether stored procedures or otherwise should have been tested and signed off before being put LIVE. This testing may and change control may be governed by statutary requirements and so altering it without a full retest may have legal implications. As such you should not be changing the stored procs but instead requiring the developers to do so.

    It depends on the shop. Some DBAs have carte blanche to change code when it makes sense, i.e. when the changes relate to database security or performance. Other times those tasks fall to a developer.

    On the other hand it is reasonable to require the developers to produce the code such that it will work correctly on a server with much more restrictive permissions.

    As a developer I would expect very liberal rights on the develpment server - definitely DBO and probably SysAdmin. I would expect TEST to be more restricted - no SYSADMIN, maybe DBO but probably only DBREADER, DBWriter and appropriate EXECUTE permissions and minimal rights on the LIVE box.

    You gave them dbo?[/url]

    Well I'm a developer but as I said I would expect that on DEV and would expect to need to justify it in TEST - it may be needed when promoting to TEST but normally I would not normally expect it after that stage is completed. Older code may still require it but it should be the exception rather than the rule. It should not be expected for LIVE.

    The only thing I would want on LIVE over and above the basic access everyone would have would be the ability to view but not alter server settings and the database objects to aid with diagnosing problems. In some cases the sensitivity of LIVE data may mean that even that level of access would not be appropriate.

    Ideally for LIVE the code should be set up to run with execute permissions on specific stored procs only and no general DB access.