June 11, 2010 at 2:36 pm
Hi everyone.
I've recently started at another organization, and into a newly created position of DBA. I am the first DBA they have ever had.
The situation is a bit of a mess. They have a number of business analysts & developers who have sysadmin access to all production servers, not to mention other massive security issues, including BUILTIN\administrators still hanging around.
I'm trying to tackle these issues one at a time, starting with getting the developers out of the prod databases (they still think they should be making changes to prod on the fly themselves without full QA testing). Its been a tough battle, but I've managed to negitiate them down to read only access for all production databases. At this point I'm taking what I can get.
My question - is there are way I can set their logins at the server level, to have read only access to the databases? Obviously I know I can do it per database with the db_datareader role, but I was hoping for a nice instance wide approach. I was thinking of going crazy with a script in absence of anything else.
Oh, and I'm talking 2005 & 2008 SQL instances on a mix of Windows 2003 & 2008.
thanks, Mark
June 14, 2010 at 10:09 am
Create a role group with read-only permissions and assign users to that role group.
Do you have RedGate's Multi-Script?
If not you may need to create a script which uses EXECUTE sp_msforeachdb
This may also provide a useful starting point:
Edit (again!): I re-read your requirement and realise my "advice" was specific to database level only...:w00t:
gsc_dba
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply