Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jarthda
Starting Member
10 Posts |
 Posted - 2013-02-20 : 17:55:09
|
| I'm a beginning DBA being asked to document things such as login user security mappings, jobs and schedules, DB names/filegroups/files users and their DB mappings... basically all things DBA. I would like to learn what are the minimal server roles and permissions I need to do this? I assume I can use Managment consule to view this information if I can read the system tables?I'd like to propose a login strategy which ensures I can report on the production databases from a DBA standpoint but NOT be able to read/write/delete production data. What login strategy should I suggest to the team?Thank youJarthdaEmbarcadero/SQL Server/and now... Informatica |
|
|
srimami
Posting Yak Master
160 Posts |
Posted - 2013-02-20 : 19:57:27
|
| You need db_reader to know the details but requires db_owner to maintain database permission levelss. If you are the DBA, you need to have sysadmin roles to perform allmthe actions. |
 |
|
|
jarthda
Starting Member
10 Posts |
Posted - 2013-02-21 : 12:30:26
|
| Thanks srimami, I'm charged with REPORTING only. By reporting, I mean reporting on how the previous DBA's have set things up. To protect myself, I want no ability to maintain databases or the server. THIS IS IMPORTANT.. I'm looking for a create login script which serves as evidence that I can report on DBA configurations (security/jobs/backups/configurations/user mappings and object privilages/linked servers... basically everything. But I'd like to do this WITHOUT being able to change anything or read data. What I'm looking for is a DBA Audit Role. Does it exist?JarthdaEmbarcadero/SQL Server/and now... Informatica |
|
|
|
Bustaz Kool
Master Smack Fu Yak Hacker
1834 Posts |
Posted - 2013-02-22 : 18:29:44
|
| Some of the areas of information can be granted piecemeal (e.g., diskadmin for disk and file information) but since you are reporting on a fuller range of areas, you'll need sysadmin privileges. You'll need these to read as well as change the configuration.=================================================There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber |
|
|
|
|
|
|
What Login, roles and permissions do I need