Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
pateal
Starting Member
3 Posts |
 Posted - 2008-05-14 : 01:45:22
|
| I had created three users for my centeralized database server. usernames are1.sa2.production3.praveenI had given the permissions as followsfor production i given the permissions for each database dddatawriter,datareader, db_executor,publicfor praveen i had given full permissionsfor sa I want full permissions so i had given each and every thingmy aim is as follows. i want permissions according to this one.for production he is not able to change the coloumn name,he is not able to backup database or restore database, and also he is not able to change password of any loginsFor this one i got it correctly . but while coming to praveen loginHe is able to do anything regarding database . but i don't want to give permissions to chnage passwords of his login and at the same time any login . can you give any idea regarding this permissions. For sa i want to full permssions he is able to change passwords of any login .please kindly help me in this |
|
|
sodeep
Master Smack Fu Yak Hacker
7174 Posts |
Posted - 2008-05-14 : 10:00:36
|
| why you gave praveen full permission? Remove db_securityadmin . |
 |
|
|
pateal
Starting Member
3 Posts |
Posted - 2008-05-14 : 10:24:40
|
| I had removed the security admin in server roles for praveen login eventhough he is able to change the sa login password.I want to restrict that praveen user for changing password. |
|
|
|
sodeep
Master Smack Fu Yak Hacker
7174 Posts |
Posted - 2008-05-14 : 10:30:32
|
| what! you gave all server role as well? I said to remove db_securityadmin which is fixed database roles? Give only what praveen needs.understand server roles and fixed database roles on BOL. |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-05-14 : 22:39:40
|
| Take it out from all server roles except public role. Anyway, user can change own password by default. You may need take out exec permission on master..sp_password from public. |
|
|
|
pateal
Starting Member
3 Posts |
Posted - 2008-05-15 : 01:53:36
|
| OK any way . Basically i am a system admin . now i got role to create amd maintain the sql server centerailzed. So now i started sql server first time in the centeralized server . Basically I don't have any idea on permissions and server roles. And i don't the difference,clarity about the sql terms. so i started first time with 3 user logins one is sa which is for me. second one is production for general use for developers in these they are able to execute ,change the values except that they cann't do any thing i.e they cann't create a tabel or modify a table etc. That one i got it perfectly by creating a role ascreate role db_executor;grant execute to db_executor;While coming to second login i.e production . I wann't to grant maximum permissions i.e he is able create or modify databases & table,column names . But I want to restrict to change the password of sa and also if possible his login and production login.For sa i want real time system administrator privileges. I don't the difference between server role and server mappings. can you any body explain the basic roles or provide me a basic level tutorials links for mepraveenkumar.chsystem adminatherstone consulting ltd |
|
|
|
sodeep
Master Smack Fu Yak Hacker
7174 Posts |
Posted - 2008-05-15 : 08:31:30
|
| Thats why you have to look Books onlines for Server roles and database Permission |
|
|
|
rmiao
Master Smack Fu Yak Hacker
7266 Posts |
Posted - 2008-05-15 : 22:47:50
|
| Put praveen in db_owner role of each user db. |
|
|
|
|
|
|
sql server login permissions