Minimum privileges

  • SQL2000

    What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:

    1) Create and run DTS packages.

    2) Create, run and review job history.

    For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??

    For #2: I'm not sure about granting MASTER db.

    What is the minimum I should grant?

    Thanks.

  • Always use the fixed roles of MSDB[/url] instead of granting permissions directly.

    I believe for job controlling from the SQL Agent you need sysadmin permissions.

    Oops I see I am in the SQL 2000 forum. These roles didn't exists back then.

    __________________
    MS-SQL / SSIS / SSRS junkie
    Visit my blog at dba60k.net

  • asdsfssd (6/11/2013)


    SQL2000

    What are the minimum privileges / permissions / database roles needed to grant a user (besides granting sysadmin) to:

    1) Create and run DTS packages.

    2) Create, run and review job history.

    For #1: I am guessing DB_DATAREADER and DB_DATAWRITER to MSDB??

    For #2: I'm not sure about granting MASTER db.

    What is the minimum I should grant?

    Thanks.

    I'm pretty sure that, in SQL Server 2000, only SA privs will fit the bill here.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.
    "Change is inevitable... change for the better is not".

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
    Intro to Tally Tables and Functions

  • I think, searching memory here, that you could get SELECT privileges to the job tables and grant them. However that might mean the person could only query.

    As far as DTS, I'm not sure you can allow packages to be saved from the designers without SA. Maybe you could try creating a role in msdb and assigning permissions to syspackages and see. I don't have an instance to test, but I would start there. The permissions structure was more manipulable in earlier versions, but I'm not sure if it was 2000 that hardened this, or 2005.

    However, Jeff might be right here. There were few fine grained controls in 2000.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply