I'm a beginning DBA being asked to document things such as login user security mappings, jobs and schedules, DB names/filegroups/files users and their DB mappings... basically all things DBA. I would like to learn what are the minimal server roles and permissions I need to do this? I assume I can use Managment consule to view this information if I can read the system tables? I'd like to propose a login strategy which ensures I can report on the production databases from a DBA standpoint but NOT be able to read/write/delete production data. What login strategy should I suggest to the team? Thank you
You need db_reader to know the details but requires db_owner to maintain database permission levelss. If you are the DBA, you need to have sysadmin roles to perform allmthe actions.
Thanks srimami, I'm charged with REPORTING only. By reporting, I mean reporting on how the previous DBA's have set things up. To protect myself, I want no ability to maintain databases or the server. THIS IS IMPORTANT.. I'm looking for a create login script which serves as evidence that I can report on DBA configurations (security/jobs/backups/configurations/user mappings and object privilages/linked servers... basically everything. But I'd like to do this WITHOUT being able to change anything or read data.
What I'm looking for is a DBA Audit Role. Does it exist?
Some of the areas of information can be granted piecemeal (e.g., diskadmin for disk and file information) but since you are reporting on a fuller range of areas, you'll need sysadmin privileges. You'll need these to read as well as change the configuration.
================================================= There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
What Login, roles and permissions do I need
Posted - 02/20/2013 : 17:55:09
