Post reply

Roles For Sql Developers

  • January 19, 2011 at 10:09 pm

    #243982

    Dear All,

    In our organisation all Sql Developers make use of SA to login to Sql Instance, now i am asked to restrict this and developers should be given individual logins, please help in roles assignment, what roles should i assign for these developers login, awaiting inputs from experts.

    Thanks in advance

    Rayan


    Praveen D'sa
    MCITP - Database Administrator 2008
    http://sqlerrors.wordpress.com

  • January 20, 2011 at 6:26 am

    #1275857

    I assume you have a separate database environment for your developers and that they need to create database objects like tables and procs. In that case the main role they need will be ddl_admin. It's generally better to avoid using SQL Server logins. Use integrated security wherever possible.

    For testing purposes use whatever permission set will be used in production. Don't test with the same logins used for development.

  • January 20, 2011 at 9:03 am

    #1276007

    Agree with using integrated security instead of sql logins.

    As far as roles, we usually grant our developers dbcreator (server role) and db_owner (database role) in dev.

    _____________________________________________________________________
    - Nate

    @nate_hughes

  • January 20, 2011 at 9:18 am

    #1276016

    The roles you put them in depend on how much you want to restrict their capabilities on the server.

    There are no special teachers of virtue, because virtue is taught by the whole community.
    --Plato

  • January 28, 2011 at 11:53 pm

    #1280046

    in my environment, in production, dev only get RO access if they can provide a business justification, which they can most of the time and approval from PM.

    also, avoid using individual account, it will drive you mad, instead use global security group.

    -----------------------------
    www.cbtr.net
    .: SQL Backup Admin Tool[/url] :.

  • February 9, 2011 at 12:52 am

    #1284237

    Thanks! I really care about this. Keep up good work

    typing service[/url]

  • February 9, 2011 at 1:15 am

    #1284252

    As others opinion, you can use Integrated Security.

    We are using role to assign the proper rights to Developers. DevLogin has associated user like DevUser and DevUser is assign to DeveloperRole. DeveloperRole only contains rights like db_ddladmin, db_datawriter & db_accessadmin.

    If developer wants to connect to server/database then he has to use DevLogin only.

    Thanks

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply