Fixed server role required for Object creation in sys databases?

  • What fixed server role is required for object creation in sys databases?

    Does the login/connected user have to be db_owner, dbo or sysadmin [server role]?

    I'm trying to downgrade privileges for application owners that are doing admin and configuration to SQL databases through app UI. Some of these apps through these users' connections are creating objects in tempdb (e.g. User Defined Table).

    Thanks,

    Zee

  • ZeeAtl (2/11/2010)

    Some of these apps through these users' connections are creating objects in tempdb (e.g. User Defined Table).

    Why? In general stuff like that is a bad idea with lots of support nightmares. Remember TempDB is completely recreated whenever SQL starts. Anything (tables, permissions, etc) in there is dropped.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • I have no control over it. It is simply an operation that is executed with certain application activities. I'm not sure what the final result is.

    My question is whether with these "black-box" behind the scenes operations going on, does that account connecting to SQL Server need to be sysadmin to have privileges to do this?

    In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases? I would assume not, but I'm unsure.

    Thanks.

  • No it cannot...

  • ZeeAtl (2/12/2010)


    In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases?

    Yes. Ddl_admin is more than sufficient.

    Do note that TempDB is recreated completely on every start and hence all user permissions and tables will disappear. You need a way to put the permissions (and any necessary tables) back after a restart. Not trivial.

    Is this 'operation' something written by in-house developers or is it a 3rd party vendor?

    Gail Shaw
  • Third party application. I have no idea what the app is doing. It is hitting TempDB more than infrequently though.

    Thx,

    Zee
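
The restart problem raised in the thread (tempdb users and role memberships are dropped whenever SQL Server starts) can be handled with a startup procedure. The T-SQL below is an added example, not code from any poster in this thread; it assumes SQL Server 2012 or later, and the login name `AppLogin` and procedure name `usp_RestoreTempdbAccess` are hypothetical.

```sql
-- Added example. AppLogin and usp_RestoreTempdbAccess are hypothetical names.
-- Goal: the application login can create objects in tempdb without being
-- sysadmin, and the grant survives a service restart.
USE master;
GO

-- Startup procedures must live in master, be owned by dbo, and take no parameters.
CREATE PROCEDURE dbo.usp_RestoreTempdbAccess
AS
BEGIN
    SET NOCOUNT ON;

    -- tempdb is rebuilt at startup, so the user and its role membership
    -- have to be recreated every time. Run the batch in tempdb's context.
    DECLARE @sql nvarchar(max) = N'
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals
                       WHERE name = N''AppLogin'')
            CREATE USER [AppLogin] FOR LOGIN [AppLogin];
        ALTER ROLE db_ddladmin ADD MEMBER [AppLogin];';

    EXEC tempdb.sys.sp_executesql @sql;
END;
GO

-- Mark the procedure to run automatically each time the instance starts.
EXEC sys.sp_procoption
     @ProcName    = N'dbo.usp_RestoreTempdbAccess',
     @OptionName  = 'startup',
     @OptionValue = 'on';
GO

-- Apply once now, without waiting for a restart.
EXEC dbo.usp_RestoreTempdbAccess;
GO

-- Check 1: the login holds no sysadmin membership (expect 0).
SELECT IS_SRVROLEMEMBER('sysadmin', N'AppLogin') AS is_sysadmin;

-- Check 2: list the tempdb roles the user belongs to (expect db_ddladmin).
USE tempdb;
SELECT r.name AS role_name, m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE m.name = N'AppLogin';
```

Re-running the two checks after a service restart confirms that the startup procedure put the membership back.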
