SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Minimum privileges


Minimum privileges

Author
Message
asdsfssd
asdsfssd
SSC Journeyman
SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)SSC Journeyman (84 reputation)

Group: General Forum Members
Points: 84 Visits: 29
SQL2000

What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:
1) Create and run DTS packages.
2) Create, run and review job history.

For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??
For #2: I'm not sure about granting MASTER db.

What is the minimum I should grant?

Thanks.
peterjonk
peterjonk
Old Hand
Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)Old Hand (347 reputation)

Group: General Forum Members
Points: 347 Visits: 644
Always use the fixed roles of MSDB instead of granting permissions directly.
I believe for job controlling from the SQL Agent you need sysadmin permissions.

Oops I see I am in the SQL 2000 forum. These roles didn't exists back then.

__________________
MS-SQL / SSIS / SSRS junkie
Visit my blog at dba60k.net
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)SSC Guru (212K reputation)

Group: General Forum Members
Points: 212595 Visits: 41977
asdsfssd (6/11/2013)
SQL2000

What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:
1) Create and run DTS packages.
2) Create, run and review job history.

For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??
For #2: I'm not sure about granting MASTER db.

What is the minimum I should grant?

Thanks.


I'm pretty sure that, in SQL Server 2000, only SA privs will fit the bill here.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
Steve Jones
Steve Jones
SSC Guru
SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)SSC Guru (144K reputation)

Group: Administrators
Points: 144960 Visits: 19424
I think, searching memory here, that you could get SELECT privileges to the job tables and grant them. However that might mean the person could only query.

As far as DTS, I'm not sure you can allow packages to be saved from the designers without SA. Maybe you could try creating a role in msdb and assigning permissions to syspackages and see. I don't have an instance to test, but I would start there. The permissions structure was more manipulable in earlier versions, but I'm not sure if it was 2000 that hardened this, or 2005.

However, Jeff might be right here. There were few fine grained controls in 2000.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search