Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
vdavid70
Yak Posting Veteran
67 Posts |
 Posted - 2006-10-18 : 12:23:41
|
| I have got a big security problem. I am the dba of a local governemnt organisation where we have about 50 database residing on several sql server servers. Now we also have developers who have a client instance of sql server installed on their machines.Therefore they have the sql servers registered on their local client version of sql server. Now my question is how do i restrict them to just been able to create and manipulate tables,views and stored procedures alone. I dont want them to be able have the rights to create or manipulate users,roles,agent jobs etc, or delete anything from the sql servers. |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2006-10-18 : 12:32:09
|
| I'm guessing you are v2000.Have a look at database roles and server roles.Then play with db_ddladmin, db_securityadmin.Make sure they aren'r dbo or sysadmin.Anything they create will be owned by them rather than dbo which may cause problems.If they are local admin on the machine then you can't restrict them.You also might want to create a read only role.==========================================Cursors are useful if you don't know sql.DTS can be used in a similar way.Beer is not cold and it isn't fizzy. |
 |
|
|
dewacorp.alliances
452 Posts |
Posted - 2006-10-19 : 12:48:20
|
| This kind of thing is relly hard to restricted in the individual database level due to they are a developer and they normally know what is the dbo account for accessing the database regardless if it's a production environment.But in the server level, you should restrict for sa and obviously the NT account is not a member of local admin or domain admin. |
|
|
|
|
|
|
Security