November 25, 2008 at 12:18 pm
I currently changed roles to the first DBA at a company that is very reliant on their DBs but haven't maintained them very well. Currently all the developers, QAers, etc. use the SA account to login to the development, staging, AND production DB's. I want to change this immediately.
What's the best way to set up the QAers/developers with their own logins? Should I create a login for EACH person and use roles for permissions? Should I have group logins that a team of developers should use?
I don't want to flood my DB's with countless users either. What's the best way to set this up?
November 25, 2008 at 12:23 pm
Windows groups are best. Get the developers added to a windows group, grant that group a login to SQL. Create roles for permissions and add those roles to the group.
Make sure that you have your boss's buy-in before doing this. The developers are not going to be happy about loosing system admin rights.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
November 25, 2008 at 12:24 pm
I would move them to using Windows authentication, and then setup groups that you then use to assign permissions.
November 25, 2008 at 1:14 pm
I'm with Gail and Lynn.
I had to do this and it was hard, but I got management buy in, created Windows groups and assigned permissions (DBO, not SA) and then changed the SA account and didn't give it out again ever.
Surprisingly things were more stable.:hehe:
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply