Minimum privileges

  • asdsfssd

    Old Hand

    Points: 324

    SQL2000

    What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:

    1) Create and run DTS packages.

    2) Create, run and review job history.

    For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??

    For #2: I'm not sure about granting MASTER db.

    What is the minimum I should grant?

    Thanks.

  • peterjonk

    SSCommitted

    Points: 1545

    Always use the fixed roles of MSDB[/url] instead of granting permissions directly.

    I believe for job controlling from the SQL Agent you need sysadmin permissions.

    Oops I see I am in the SQL 2000 forum. These roles didn't exists back then.

    __________________
    MS-SQL / SSIS / SSRS junkie
    Visit my blog at dba60k.net

  • Jeff Moden

    SSC Guru

    Points: 993661

    asdsfssd (6/11/2013)


    SQL2000

    What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:

    1) Create and run DTS packages.

    2) Create, run and review job history.

    For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??

    For #2: I'm not sure about granting MASTER db.

    What is the minimum I should grant?

    Thanks.

    I'm pretty sure that, in SQL Server 2000, only SA privs will fit the bill here.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
    "If you think its expensive to hire a professional to do the job, wait until you hire an amateur."--Red Adair
    "Change is inevitable... change for the better is not."
    When you put the right degree of spin on it, the number 3|8 is also a glyph that describes the nature of a DBAs job. 😉

    Helpful Links:
    How to post code problems

  • Steve Jones - SSC Editor

    SSC Guru

    Points: 714105

    I think, searching memory here, that you could get SELECT privileges to the job tables and grant them. However that might mean the person could only query.

    As far as DTS, I'm not sure you can allow packages to be saved from the designers without SA. Maybe you could try creating a role in msdb and assigning permissions to syspackages and see. I don't have an instance to test, but I would start there. The permissions structure was more manipulable in earlier versions, but I'm not sure if it was 2000 that hardened this, or 2005.

    However, Jeff might be right here. There were few fine grained controls in 2000.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply