Home Forums SQL Server 2005 SQL Server 2005 Security Effect of Adding SYSADMIN Server Role RE: Effect of Adding SYSADMIN Server Role

  • February 25, 2014 at 10:53 pm

    #1692131

    yocki (2/25/2014)

    yes Jeff. you are right. I know i cant give SYSADMIN to some one else.. its just because the operators don't really have good understanding about sql. I grant this sysadmin in order to execute xp_cmdshell to create log file.

    Well, in the end i found another way to create log file without having to grant SYSADMIN to a user

    thanks for warning me anyway... 🙂

    That would be another thing... never grant anyone privs to run xp_CmdShell directly. It gives folks elevated privs that you can't imagine. Write a stored prodecure that does the job with EXECUTE AS OWNER and then give them privs only to run the stored procedure.

    BTW. Would you share the "another way to create log file without having to grant SYSADMIN to a user", please? Thanks.

    --Jeff Moden

    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)