Why do they not listen?

  • Jeff Moden (9/29/2014)


    Alvin Ramard (9/29/2014)


    Luis Cazares (9/29/2014)


    Revoke create and alter permissions and create policies to apply changes to the database. People will start to do things right when they're enforced.

    That only works if management doesn't say: "Put things back the way they were!"

    "I'm sorry, Dave, but I can't do that". :hehe:

    Upgrading to the next release of SQL Server offers an excellent pretext for removing unneeded permissions from app developers.

    "I'm so sorry, I know it's a pain in the a$$, but under SQL Server 20xx a login can't drop/recreate objects unless we make them database owner or sysadmin. It's a new default feature intended to tighten security and prevent SQL injection attacks. Do we really want to operate under a non-standard security configuration? It's best just to leave it as is and let the DBA execute all the deployments."

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Jeff Moden (9/29/2014)


    Koen Verbeeck (9/29/2014)


    Hire an overpriced consultant. Chances are they'll listen to him/her...

    BWAAAA-HAAA!!! BECOME an overpriced consultant! 😉

    I already am 😉

    By the way Jeff, you had this wonderful quote about best practices in some thread some time ago.

    It was something that best practices are only best practices in the eye of the beholder or something like that.

    Any idea what you exactly said? I'd like to use it in a presentation, but I can't find it anywhere... 😀

    Need an answer? No, you need a question
    My blog at https://sqlkover.com.
    MCSE Business Intelligence - Microsoft Data Platform MVP

  • Jeff Moden (9/29/2014)


    Koen Verbeeck (9/29/2014)


    Hire an overpriced consultant. Chances are they'll listen to him/her...

    BWAAAA-HAAA!!! BECOME an overpriced consultant! 😉

    Careful not to become an unemployed overpriced consultant! :w00t:



    Alvin Ramard
    Memphis PASS Chapter

    All my SSC forum answers come with a money back guarantee. If you didn't like the answer then I'll gladly refund what you paid for it.

    For best practices on asking questions, please read the following article: Forum Etiquette: How to post data/code on a forum to get the best help

  • Koen Verbeeck (9/29/2014)


    Hire an overpriced consultant. Chances are they'll listen to him/her...

    The problem is these overpriced consultants are also full of overpriced crappy code. These are the people who give consultants a bad name by coming in at a high bill rate to "make the system faster" only to actually slow it down.

    _______________________________________________________________

    Need help? Help us help you.

    Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

    Need to split a string? Try Jeff Moden's splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.

    Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
    Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
    Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
    Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/

  • Sean Lange (9/29/2014)


    Koen Verbeeck (9/29/2014)


    Hire an overpriced consultant. Chances are they'll listen to him/her...

    The problem is these overpriced consultants are also full of overpriced crappy code. These are the people who give consultants a bad name by coming in at a high bill rate to "make the system faster" only to actually slow it down.

    Are you calling my code "crappy"? :unsure:

    😎

  • Koen Verbeeck (9/29/2014)


    Hire an overpriced consultant. Chances are they'll listen to him/her...

    Erm, chances are often just about as good as them listening to an FTE.:-D

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • djj (9/29/2014)


    They hire me to be a DBA and then they do not take my suggestions.

    I tell them they should only store a standardized value. A prime example of where this would help is phone number. They put in whatever they want then have to run a udf to find the number to compare to. I have been overridden several times; when I suggest cleaning the numbers, they say there are extensions, which I point out I can handle, but no go.

    This is just an example. I have been looking into why a procedure runs so long, well they programmed it to check every phone number using a udf that is not well written. i.e. it has multiple steps within the udf.

    Sorry for the rant but I had to get it off my chest.:crying:

    Sounds far too familiar, doesn't matter which suit one is wearing though. Found the best way of getting the right things through being the seeding of ideas, methodology, procedures and such, just enough to make "them" think the idea is "theirs", then things start to happen. Child psychology approach can be quite useful.

    😎

  • Eirikur Eiriksson (9/29/2014)


    djj (9/29/2014)


    They hire me to be a DBA and then they do not take my suggestions.

    I tell them they should only store a standardized value. A prime example of where this would help is phone number. They put in whatever they want then have to run a udf to find the number to compare to. I have been overridden several times; when I suggest cleaning the numbers, they say there are extensions, which I point out I can handle, but no go.

    This is just an example. I have been looking into why a procedure runs so long, well they programmed it to check every phone number using a udf that is not well written. i.e. it has multiple steps within the udf.

    Sorry for the rant but I had to get it off my chest.:crying:

    Sounds far too familiar, doesn't matter which suit one is wearing though. Found the best way of getting the right things through being the seeding of ideas, methodology, procedures and such, just enough to make "them" think the idea is "theirs", then things start to happen. Child psychology approach can be quite useful.

    😎

    Along the same line of thinking, you need to tell them what they want to hear. If you seed the idea and make it theirs, then when you agree with them on it, it will get approved. 😉

    A lot of times it comes down to how well you can sell them on the idea and the politics you are willing to play. I know it sounds like snakeskin salesman approach. But, think about spinning the suggestion in a more positive way without demoting the other approaches with negative connotations. TPTB will often be more receptive (whether consultant or fte), if the message sounds good rather than if it had any negative notes to it at all.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Eric M Russell (9/29/2014)


    Upgrading to the next release of SQL Server offers an excellent pretext for removing unneeded permissions from app developers.

    "I'm so sorry, I know it's a pain in the a$$, but under SQL Server 20xx a login can't drop/recreate objects unless we make them database owner or sysadmin. It's a new default feature intended to tighten security and prevent SQL injection attacks. Do we really want to operate under a non-standard security configuration? It's best just to leave it as is and let the DBA execute all the deployments."

    Because lying to management is such a great way to get them to trust you....

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • SQLRNNR (9/29/2014)


    Along the same line of thinking, you need to tell them what they want to hear. If you seed the idea and make it theirs, then when you agree with them on it, it will get approved. 😉

    A lot of times it comes down to how well you can sell them on the idea and the politics you are willing to play. I know it sounds like snakeskin salesman approach. But, think about spinning the suggestion in a more positive way without demoting the other approaches with negative connotations. TPTB will often be more receptive (whether consultant or fte), if the message sounds good rather than if it had any negative notes to it at all.

    My problem is I could not sell water to a thirsty millionaire. 🙂

  • djj (9/30/2014)


    SQLRNNR (9/29/2014)


    Along the same line of thinking, you need to tell them what they want to hear. If you seed the idea and make it theirs, then when you agree with them on it, it will get approved. 😉

    A lot of times it comes down to how well you can sell them on the idea and the politics you are willing to play. I know it sounds like snakeskin salesman approach. But, think about spinning the suggestion in a more positive way without demoting the other approaches with negative connotations. TPTB will often be more receptive (whether consultant or fte), if the message sounds good rather than if it had any negative notes to it at all.

    My problem is I could not sell water to a thirsty millionaire. 🙂

    Yeah, I have the same problem. I can see the best way to do things, but it sometimes takes a lot of work to convince people that it's the right approach. Several times I've been "out-sold" by someone who got their way, only to have it come back to me asking if I could help them make it better. Sales is definitely a skill.

  • djj (9/30/2014)


    SQLRNNR (9/29/2014)


    Along the same line of thinking, you need to tell them what they want to hear. If you seed the idea and make it theirs, then when you agree with them on it, it will get approved. 😉

    A lot of times it comes down to how well you can sell them on the idea and the politics you are willing to play. I know it sounds like snakeskin salesman approach. But, think about spinning the suggestion in a more positive way without demoting the other approaches with negative connotations. TPTB will often be more receptive (whether consultant or fte), if the message sounds good rather than if it had any negative notes to it at all.

    My problem is I could not sell water to a thirsty millionaire. 🙂

    Problem with thirsty millionaires is that you have to buy the drink for them 😉

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • GilaMonster (9/30/2014)


    Eric M Russell (9/29/2014)


    Upgrading to the next release of SQL Server offers an excellent pretext for removing unneeded permissions from app developers.

    "I'm so sorry, I know it's a pain in the a$$, but under SQL Server 20xx a login can't drop/recreate objects unless we make them database owner or sysadmin. It's a new default feature intended to tighten security and prevent SQL injection attacks. Do we really want to operate under a non-standard security configuration? It's best just to leave it as is and let the DBA execute all the deployments."

    Because lying to management is such a great way to get them to trust you....

    OK, but is it really a lie? I believe it's just being "economical with the truth".

    http://en.wikipedia.org/wiki/Lie#Types

    Notice I never said that it's impossible to continue granting such privilege going forward. It's actually true (for the most recent release as well as all past releases) that a login can't drop/recreate objects unless it's a member of the SYSADMIN role or at least DBO for the database, and it's also true that granting membership in those roles to non-operational staff exposes security risks needlessly.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • GilaMonster (9/30/2014)


    Eric M Russell (9/29/2014)


    Upgrading to the next release of SQL Server offers an excellent pretext for removing unneeded permissions from app developers.

    "I'm so sorry, I know it's a pain in the a$$, but under SQL Server 20xx a login can't drop/recreate objects unless we make them database owner or sysadmin. It's a new default feature intended to tighten security and prevent SQL injection attacks. Do we really want to operate under a non-standard security configuration? It's best just to leave it as is and let the DBA execute all the deployments."

    Because lying to management is such a great way to get them to trust you....

    +Infinity.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

  • Eric M Russell (9/30/2014)


    OK, but is it really a lie? I believe it's just being "economical with the truth".

    http://en.wikipedia.org/wiki/Lie#Types

    It's a lie by omission. Yes, it's a lie.

    It's actually true (for the most recent release as well as all past releases) that a login can't drop/recreate objects unless it's a member of the SYSADMIN role or at least DBO for the database

    No, it's not true. The login can be granted CREATE/ALTER/DROP permissions on the database level without needing to be added to the db_owner role. Or it can be added to the db_ddladmin role.

    Tell the boss that, then have a consultant or friend of his mention that they're using the same version and they don't have that problem. What's going to happen to your credibility then?

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
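
The two options named in the post above (database-level DDL grants, or db_ddladmin membership), sketched in T-SQL as an added example that is not part of the thread. The database AppDb, schema app, role deploy_ddl and user deploy_user are assumed names, and the script is meant to be run by a DBA with rights to manage roles.

```sql
-- Added example; AppDb, app, deploy_ddl and deploy_user are assumed names.
USE AppDb;
GO

-- Option 1: a custom role holding only the DDL rights deployments need.
CREATE ROLE deploy_ddl;
GO
-- CREATE <object type> permissions are granted at the database level.
GRANT CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE FUNCTION TO deploy_ddl;
-- ALTER on a schema is required to create objects in it, and also allows
-- altering and dropping the objects it contains.
GRANT ALTER ON SCHEMA::app TO deploy_ddl;
GO
ALTER ROLE deploy_ddl ADD MEMBER deploy_user;
GO

-- Option 2 (broader): the fixed database role, which covers DDL in every schema.
-- ALTER ROLE db_ddladmin ADD MEMBER deploy_user;

-- Check 1: membership in db_owner for the deployment user.
SELECT IS_ROLEMEMBER('db_owner', 'deploy_user') AS in_db_owner;

-- Check 2: list what the custom role was actually granted.
SELECT pr.name AS grantee,
       pe.class_desc,
       pe.permission_name,
       pe.state_desc,
       CASE WHEN pe.class = 3 THEN SCHEMA_NAME(pe.major_id) END AS schema_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = 'deploy_ddl';

-- Check 3: effective permissions as seen by the user itself.
EXECUTE AS USER = 'deploy_user';
SELECT HAS_PERMS_BY_NAME('app', 'SCHEMA', 'ALTER')              AS can_alter_app_schema,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CREATE TABLE') AS can_create_table,
       HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', 'CONTROL')      AS has_db_control;
REVERT;
```

Option 1 keeps the deployment account out of db_owner and limits it to one schema; option 2 is simpler to administer but applies to the whole database.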
