nwalter
Starting Member
39 Posts |
Posted - 2009-03-11 : 14:20:28
I'm getting about fed up with crappy applications that actually do a check for sysadmin permissions before loading or performing certain functions. I know how to delegate the permissions perfectly fine, except the developers, in all their wisdom, make use of the IS_SRVROLEMEMBER function and programmatically stop the application from running if it's not correct.

Is there ANY way around this? Any way I can trick an application into thinking IS_SRVROLEMEMBER returns the true value it wants? Any way to just modify IS_SRVROLEMEMBER to always return 1, or any way to just override that function and have it call another custom function instead?

Maybe the SQL developers should just take that function out of SQL Server altogether so poor developers can stop relying on it to write their applications.
guptam
Posting Yak Master
161 Posts |
Posted - 2009-03-11 : 16:14:29
IS_SRVROLEMEMBER is part of the system catalog and is a function shipped by Microsoft; you can't modify it. Why do the developers want to run under sysadmin? That is asking for pain from every angle. I am taking a guess they want sysadmin because they like doing DDL changes right on the server? If you don't have the backing of upper management to stop developers from doing this, I would recommend you make a DDL audit trigger to track DDL changes so you can cover yourself. This will also help you show if anyone is doing "shotgun" fixes that they shouldn't be doing.

Thanks.

-- Mohit K. Gupta
B.Sc. CS, Minor Japanese
MCITP: Database Administrator
MCTS: SQL Server 2005
http://sqllearnings.blogspot.com/
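A minimal sketch of the DDL audit trigger recommended in the reply above. This is an added example, not code from any poster in this thread; it assumes an existing administrative database, and the names DbaAudit, DdlAuditLog and trg_ServerDdlAudit are hypothetical.

```sql
-- Added example. DbaAudit, DdlAuditLog and trg_ServerDdlAudit are hypothetical names.
USE DbaAudit;
GO

-- One row per DDL event. Session details come from column defaults,
-- the event itself is kept as the raw XML returned by EVENTDATA().
CREATE TABLE dbo.DdlAuditLog (
    AuditId       INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    EventTime     DATETIME      NOT NULL DEFAULT GETDATE(),
    OriginalLogin NVARCHAR(128) NOT NULL DEFAULT ORIGINAL_LOGIN(),
    HostName      NVARCHAR(128) NULL     DEFAULT HOST_NAME(),
    ProgramName   NVARCHAR(128) NULL     DEFAULT APP_NAME(),
    EventXml      XML           NOT NULL
);
GO

-- Server-scoped trigger: fires for server-level DDL (logins, databases,
-- endpoints) and for database-level DDL in every database on the instance.
CREATE TRIGGER trg_ServerDdlAudit
ON ALL SERVER
FOR DDL_SERVER_LEVEL_EVENTS, DDL_DATABASE_LEVEL_EVENTS
AS
BEGIN
    SET NOCOUNT ON;
    -- Keep the body minimal: any error raised here rolls back the DDL
    -- statement that fired the trigger.
    INSERT INTO DbaAudit.dbo.DdlAuditLog (EventXml)
    VALUES (EVENTDATA());
END;
GO

-- Review query: shred the stored XML at read time, newest events first.
SELECT AuditId, EventTime, OriginalLogin, HostName, ProgramName,
       EventXml.value('(/EVENT_INSTANCE/EventType)[1]',    'NVARCHAR(128)') AS EventType,
       EventXml.value('(/EVENT_INSTANCE/LoginName)[1]',    'NVARCHAR(128)') AS LoginName,
       EventXml.value('(/EVENT_INSTANCE/DatabaseName)[1]', 'NVARCHAR(128)') AS DatabaseName,
       EventXml.value('(/EVENT_INSTANCE/ObjectName)[1]',   'NVARCHAR(256)') AS ObjectName,
       EventXml.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]',
                      'NVARCHAR(MAX)') AS TsqlCommand
FROM DbaAudit.dbo.DdlAuditLog
ORDER BY AuditId DESC;
```

The trigger runs as the caller, so a login without INSERT permission on the audit table will have its DDL rolled back; sysadmin logins always have it. SQL Agent jobs created through msdb procedures such as sp_add_job are not DDL events, so this trigger does not record job management.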
nwalter
Starting Member
39 Posts |
Posted - 2009-03-11 : 17:18:27
It's a vendor-purchased app, unfortunately. If it was our own developers I would take them out back and whip them until they fixed the code. The app needs sysadmin so it can dynamically create and manage SQL Agent jobs... And yes, I know how wrong that is, but I have no choice, as even delegating the correct permissions doesn't work because the app won't even get that far unless it gets a 1 value back from IS_SRVROLEMEMBER.
guptam
Posting Yak Master
161 Posts |
Posted - 2009-03-11 : 19:29:33
Ohh, and it checks for the sysadmin role? I was going to say, why not just dump the login into the SQLAgentOperatorRole ... guess that is not an option :(.

-- Mohit K. Gupta
B.Sc. CS, Minor Japanese
MCITP: Database Administrator
MCTS: SQL Server 2005
http://sqllearnings.blogspot.com/