yocki (2/25/2014)
yes Jeff. you are right. I know i cant give SYSADMIN to some one else.. its just because the operators don't really have good understanding about sql. I grant this sysadmin in order to execute xp_cmdshell to create log file.Well, in the end i found another way to create log file without having to grant SYSADMIN to a user
thanks for warning me anyway... 🙂
That would be another thing... never grant anyone privs to run xp_CmdShell directly. It gives folks elevated privs that you can't imagine. Write a stored prodecure that does the job with EXECUTE AS OWNER and then give them privs only to run the stored procedure.
BTW. Would you share the "another way to create log file without having to grant SYSADMIN to a user", please? Thanks.
--Jeff Moden
Change is inevitable... Change for the better is not.