SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


PBM Alert


PBM Alert

Author
Message
cengland0
cengland0
SSCommitted
SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)SSCommitted (1.7K reputation)

Group: General Forum Members
Points: 1676 Visits: 1300
calvo (7/22/2011)
cengland0 (7/22/2011)
Hey, wait a second. According to:

http://technet.microsoft.com/en-us/library/bb510667.aspx

Administering Policy-Based Management requires membership in the PolicyAdministratorRole role in the msdb database. This role has complete control of all policies on the system. This control includes creating and editing policies and conditions and enabling and disabling policies.

So tell me why did I get it wrong?

He mentions testing the alert before pushing to production which indicates an on-demand test. Reading further in the link you'll see
"Alert security:

When policies are evaluated on demand, they execute in the security context of the user. To write to the error log, the user must have ALTER TRACE permissions or be a member of the sysadmin fixed server role. Policies that are evaluated by a user that has less privileges will not write to the event log, and will not fire an alert."

Although sysadmin will work, it's not the minimum permission Sad

Thanks for the great explanation. That means I legitimately missed the question this time. Dang.
Kwex
Kwex
Old Hand
Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)Old Hand (375 reputation)

Group: General Forum Members
Points: 375 Visits: 240
Richard Warr (7/22/2011)
No, not everybody :-)

But, if you've been following the discussions on some recent questions you'll note that some people take the prospect of a point very seriously.

I think the honourable approach is to try and answer the question straight away then, especially if you get it wrong. read the given reference and learn something.

But that's just me - people are free to approach the scenario as best suits them. Invariably nobody gets hurt.


You might be correct Richard, but since one of the aims of QOTD is to brag about your points (as the email says), then, new joiners like me with infinitesimally small points compared to others would want to climb up the Hall of Fame pretty quickly!

Show some mercy :-)
mtassin
mtassin
SSCarpal Tunnel
SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)SSCarpal Tunnel (4.8K reputation)

Group: General Forum Members
Points: 4798 Visits: 72518
Richard Warr (7/22/2011)
No, not everybody :-)

But, if you've been following the discussions on some recent questions you'll note that some people take the prospect of a point very seriously.

I think the honourable approach is to try and answer the question straight away then, especially if you get it wrong. read the given reference and learn something.

But that's just me - people are free to approach the scenario as best suits them. Invariably nobody gets hurt.


My points are important. For me it's
1. Take my best guess as to what the answer is
2. Then try to find the answer and see if I'm correct. If I can't find it quickly enough, I stick with my gut instinct. In this case I was wrong. I suspected it was eitehr ALTER TRACE or must be sysadmin. Because of what policies are about, I went with SA required to test them as I figured that they could be created, but only SA's could actually deploy/test them. I was wrong, I still learned something.



--Mark Tassin
MCITP - SQL Server DBA
Proud member of the Anti-RBAR alliance.
For help with Performance click this link
For tips on how to post your problems
sharath.chalamgari
sharath.chalamgari
UDP Broadcaster
UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)UDP Broadcaster (1.5K reputation)

Group: General Forum Members
Points: 1472 Visits: 798
i was not thinking about the least previlages and selected the sysadmin role. thanks for the good question.
SanDroid
SanDroid
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1576 Visits: 1046
Nice Question! Thank YOU!!! Cool
I must admit that at first read I was worried. I got that bad question vibe.
Then I read this part "You are able to create the policies."
That is the KEY to the right answer.
If you can create the policies, but the alerts are not firing the only thing that can be missing is the Alter Trace permission.

Have a good weekend! Smooooth
chrisfradenburg
chrisfradenburg
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1986 Visits: 2067
Execute as user is made up? It actually does exist but my guess was that it couldn't be used when executing policies.

BOL reference:
Execute As (Transact-SQL)
chrisfradenburg
chrisfradenburg
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1986 Visits: 2067
Shark Energy (7/22/2011)
Am I doing this wrong? (QotD) Even if its a subject I don't know about I try and come up with an answer as its a test of my knowledge. I don't look up the answers beforehand.

Does everyone else treat them like a real life scenario at work where you books online anything you dont know?


I using it as a learning opportunity. If it's something I think I know or be able to figure out from what I know I'll just answer. If I don't I'll either do research since I learn better that way than getting it put right in front of me or guess depending on my mood and the question.
SanDroid
SanDroid
SSCommitted
SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)SSCommitted (1.6K reputation)

Group: General Forum Members
Points: 1576 Visits: 1046
crafdenberg (7/22/2011)
Execute as user is made up? It actually does exist but my guess was that it couldn't be used when executing policies.

BOL reference:
Execute As (Transact-SQL)


Uh Oh... maybe I spoke to soon. I totaly missed the explination saying this was made up.
"Execute As" is definately a real thing! ;-)
"Execute As" is also definately not a permission! w00t

You might be able to use this to test the Policy Alert if the User supplied has the ALTER TRACE permission. I realy have no way to test at this time.... Cool
Did you try this crafdenberg? If you can post some working script it would prove your point, but it would not make this command a permission. Hehe
chrisfradenburg
chrisfradenburg
SSCommitted
SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)SSCommitted (2K reputation)

Group: General Forum Members
Points: 1986 Visits: 2067
We don't use policies to manage SQL yet. I'm planning on testing it out and see if it's something we want to pursue but don't have time to do it right now.
Shark Energy
Shark Energy
Right there with Babe
Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)Right there with Babe (797 reputation)

Group: General Forum Members
Points: 797 Visits: 1018
cengland0 (7/22/2011)
Hey, wait a second. According to:

http://technet.microsoft.com/en-us/library/bb510667.aspx

Administering Policy-Based Management requires membership in the PolicyAdministratorRole role in the msdb database. This role has complete control of all policies on the system. This control includes creating and editing policies and conditions and enabling and disabling policies.

So tell me why did I get it wrong?


As well as the decent explanation you've already been given, the option in the question was actually PolicyAdministrator rather than the correct role name of PolicyAdministratorRole
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search