SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 SQL Server 2000 Forums
 SQL Server Administration (2000)
 OK to Grant Execute on xp_sendmail to Developers?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/08/2004 :  16:29:05  Show Profile  Reply with Quote
Are there any issues with granting execute permission on xp_sendmail to developers on Development and Test database servers?

Thanks, Dave

tkizer
Almighty SQL Goddess

USA
36895 Posts

Posted - 01/08/2004 :  16:34:12  Show Profile  Visit tkizer's Homepage  Reply with Quote
In my opinion, no.

Tara
Go to Top of Page

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/08/2004 :  16:40:56  Show Profile  Reply with Quote
What problems do you think it may cause?
Go to Top of Page

MichaelP
Jedi Yak

USA
2489 Posts

Posted - 01/08/2004 :  17:06:02  Show Profile  Visit MichaelP's Homepage  Reply with Quote
IMHO, with Development and test servers who cares? When they want that stuff on production servers, then you probably need to be a bit concerned as to what they are doing with it.

Michael


<Yoda>Use the Search page you must. Find the answer you will.</Yoda>
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
36895 Posts

Posted - 01/08/2004 :  17:06:58  Show Profile  Visit tkizer's Homepage  Reply with Quote
I can't think of any problems.

Tara
Go to Top of Page

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/08/2004 :  17:18:39  Show Profile  Reply with Quote
Thanks all.

I'm always afraid to grant developers too many permissions, but in this case I don't think I can come up with a good argument as to why they shouldn't be allowed.

Dave
Go to Top of Page

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/08/2004 :  17:44:37  Show Profile  Reply with Quote
One more question. Is there a way to grant Execute permission on xp_sendmail without giving someone the ability to have Select permission against system tables in master?

Dave
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
36895 Posts

Posted - 01/08/2004 :  17:51:34  Show Profile  Visit tkizer's Homepage  Reply with Quote
Yes, you could give them db_denydatareader role in the master database. I'm sure that would work. But does it matter if they can see the system objects? They can't do anything with them. What's the harm of seeing in a development or test environment?

Tara

Edited by - tkizer on 01/08/2004 17:51:53
Go to Top of Page

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/08/2004 :  17:58:27  Show Profile  Reply with Quote
I tried that and received an error message while attempting to connect to the server. Select Permission Denied on spt_values. That one surprised me.

I'm not sure if it is a problem. I'm asking our entire DBA team for their oppinion. The only potential issue I can see is opening up the possibility of more questions due to the extra info. they can find in the system tables.

Dave
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
36895 Posts

Posted - 01/08/2004 :  18:07:02  Show Profile  Visit tkizer's Homepage  Reply with Quote
Who got the error? I think all that you need to do to correct it is change their default database to a database other than master.

Tara

Edited by - tkizer on 01/08/2004 18:08:05
Go to Top of Page

DBADave
Constraint Violating Yak Guru

USA
366 Posts

Posted - 01/09/2004 :  10:09:24  Show Profile  Reply with Quote
Unfortunately that didn't work. It looks like the login process needs to access master..spt_values regardless of the default database. db_denydatareader automatically makes accessing spt_values impossible and it takes precedence over me explicitly granting select permission on spt_values to the user id. That kinda makes me wonder why db_denydatareader even exists in master if it does not allow someone to login to the database server. Perhaps there is another work-around I'm not aware of.

Dave
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.08 seconds. Powered By: Snitz Forums 2000