• Jeff Moden (11/20/2013)


    opc.three (11/20/2013)


    Jeff Moden (11/20/2013)


    opc.three (11/20/2013)


    Chances are I could accomplish this through a SQLCLR. I could definitely set up an Agent job that a low-priv user could run by executing a stored proc.

    Heh... who on this good green Earth with even an ounce of concern for security would allow that to happen in an uncontrolled manner? Yes, I agree that there are many ways that, as an SA prived DBA, I could allow that to happen. That's part of my point. It either takes a person with SA privs to use it, never mind enable it. The exception to the enabling rule is that someone with Control Server privs could also enable it. Any DBA that gives a non-DBA those privs should be fired for reasons of bad security. The exception to direct usage is if some DBA is dumb enough to grant usage privs to a non-DBA user to execute xp_CmdShell directly. The DBA should be fired for that mistake, as well.

    Ahhh, some common ground. And to that end, just because you can, doesn't mean you should 😉

    And I understand about the backup thing. My question to you was do you know of any xp that can delete text or other files? I do. It's called xp_CmdShell 😉

    And my question to you is, why would you ever need to delete text files on the host operating system's file system using T-SQL? The answer is you don't.

    You're correct. I don't. I could use PowerShell or SSIS or DOS or PERL or VB/VBScript, JavaScript, or any of a thousand other tools... but I prefer not to have code scattered all over. If I can do it all from a single point, then things are a whole lot easier to manage and automate.

    That's fair and I completely understand your position. But none of the tools you mention suffer from the security or auditing problems xp_cmdshell does. None of them intrinsically obfuscate the executor's identity, potentially elevating their permissions in the process. So, it's clear you value the things you value, automation and simplicity of code management, more than leaving the security and auditing challenges xp_cmdshell brings with it on the sidelines. That's perfectly OK but that doesn't make those things any less present, or make it any less irresponsible for you to advocate a tool without the lengthy disclaimers it deserves, and those are some of the points I have been making for years now.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato
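
The exposure points argued over in this thread (who can enable xp_cmdshell, who can execute it directly, and whose identity the command runs under) can be checked with read-only catalog queries. This is an added example, not code from either poster; it assumes a login that can view server-level metadata, and including ALTER SETTINGS and the serveradmin role is an addition beyond the thread, since that is the permission sp_configure / RECONFIGURE checks.

```sql
-- Added example: read-only audit of xp_cmdshell exposure on one instance.

-- 1. Is xp_cmdshell currently enabled?
SELECT name, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2a. Who can enable it through a fixed server role?
--     sysadmin can do anything; serveradmin holds ALTER SETTINGS.
SELECT r.name AS server_role, m.name AS member, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin');

-- 2b. Who can enable it through an explicit server permission?
SELECT p.name AS grantee, p.type_desc, sp.permission_name, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name IN (N'CONTROL SERVER', N'ALTER SETTINGS')
  AND sp.state IN ('G', 'W');   -- GRANT or GRANT WITH GRANT OPTION

-- 3. Has any non-sysadmin principal been granted EXECUTE on xp_cmdshell?
--    Such grants are recorded in master.
USE master;
SELECT dp.name AS grantee, dp.type_desc, perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.database_principals AS dp ON dp.principal_id = perm.grantee_principal_id
WHERE perm.class = 1                                   -- object-level permission
  AND perm.major_id = OBJECT_ID(N'sys.xp_cmdshell')
  AND perm.permission_name = N'EXECUTE';

-- 4. Which Windows identity do non-sysadmin callers run as?
--    They use the proxy credential; sysadmin callers run as the
--    SQL Server service account. Either way the OS sees that account,
--    not the SQL login that issued the command.
SELECT name, credential_identity, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
```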