May 21, 2010 at 12:48 pm
If a server login has sysadmin role checked, but also has some of the lesser roles checked, that is redundant and not necessary, correct?
And same for database users... if a user has db_owner checked, but also has some of the lesser roles checked, that is redundant and not necessary, correct?
May 21, 2010 at 12:54 pm
correct on both counts
---------------------------------------------------------------------
May 21, 2010 at 1:00 pm
george sibbald (5/21/2010)
correct on both counts
Hmmm, so is there a reason why the interface allows this kind of redundant display of roles? As a beginner DBA, I found this to be confusing. Is it because, besides sysadmin and db_owner roles, the other roles are all mutually exclusive?
May 21, 2010 at 1:11 pm
It is erroneous to assume that all roles other than sysadmin and db_owner are mutually exclusive.
As far as why this redundancy is allowed, my guess it that it's easier and more robust to allow redundancy with the assumption that the DBAs know what the implications are than it is to forcibly code against redundancy to protect a DBA/user who does not understand the implications of his actions.
With the current setup, you are also assured that a role is a role and all roles have the same behavior (instead of having sysadmin and db_owner as some special type of role with differing behaviors).
May 21, 2010 at 1:12 pm
no, they are not mutually exclusive.
giving db_owner + all others or sa + all others does no harm in itself so I guess MS see no need to protect people from this.
greying out the other options when the highest level is granted might confuse some people even more.
---------------------------------------------------------------------
May 21, 2010 at 1:39 pm
Ok, thx for the clarification.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply