SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 What Login, roles and permissions do I need
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

jarthda
Starting Member

10 Posts

Posted - 02/20/2013 :  17:55:09  Show Profile  Reply with Quote
I'm a beginning DBA being asked to document things such as login user security mappings, jobs and schedules, DB names/filegroups/files users and their DB mappings... basically all things DBA. I would like to learn what are the minimal server roles and permissions I need to do this? I assume I can use Managment consule to view this information if I can read the system tables?
I'd like to propose a login strategy which ensures I can report on the production databases from a DBA standpoint but NOT be able to read/write/delete production data. What login strategy should I suggest to the team?
Thank you

Jarthda
Embarcadero/SQL Server/and now... Informatica

srimami
Posting Yak Master

160 Posts

Posted - 02/20/2013 :  19:57:27  Show Profile  Reply with Quote
You need db_reader to know the details but requires db_owner to maintain database permission levelss. If you are the DBA, you need to have sysadmin roles to perform allmthe actions.
Go to Top of Page

jarthda
Starting Member

10 Posts

Posted - 02/21/2013 :  12:30:26  Show Profile  Reply with Quote
Thanks srimami, I'm charged with REPORTING only. By reporting, I mean reporting on how the previous DBA's have set things up. To protect myself, I want no ability to maintain databases or the server. THIS IS IMPORTANT.. I'm looking for a create login script which serves as evidence that I can report on DBA configurations (security/jobs/backups/configurations/user mappings and object privilages/linked servers... basically everything. But I'd like to do this WITHOUT being able to change anything or read data.

What I'm looking for is a DBA Audit Role. Does it exist?

Jarthda
Embarcadero/SQL Server/and now... Informatica
Go to Top of Page

Bustaz Kool
Flowing Fount of Yak Knowledge

USA
1643 Posts

Posted - 02/22/2013 :  18:29:44  Show Profile  Reply with Quote
Some of the areas of information can be granted piecemeal (e.g., diskadmin for disk and file information) but since you are reporting on a fuller range of areas, you'll need sysadmin privileges. You'll need these to read as well as change the configuration.

=================================================
There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.03 seconds. Powered By: Snitz Forums 2000