Home Forums SQL Server 2017 SQL Server 2017 - Administration How would you lock down a SQL DBA to have local admin on the SQL box RE: How would you lock down a SQL DBA to have local admin on the SQL box

  • February 28, 2018 at 8:01 am

    #1981466

    ffarouqi - Tuesday, February 20, 2018 1:53 PM

    I would like to know if we can create a separate group or what permissions on the server should be granted for the DBA to make sure he/she can perform the duties such as the ones listed below in case if we lock down local admin rights on the box due to management and security reasons.

    - SQL database attach/detach
    - SQL installation, service pack updates etc.
    - Monitoring performance metrics
    - restarting and stopping sql server

    some of these have elevated permissions, no way round that.
    are you really unable to trust the admins that much?
    Which users are to remain in control of the instance in the event you lock down?

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉