Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2001-12-04 : 09:10:26
|
| Fruss Traitd writes "Dear friends,My users want automatic email notifications based on certain data.My friendly sysadmin refuses to give me access to master and wants me to only access my own database.Is it possible for him (my friendly sysadmin) to allow me to run things such as xp_sendmail, xp_cmdshell etc etc without giving me access to everything else on master?(SQL Server 2000 and WinNT 4)" |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2001-12-04 : 09:23:29
|
| He can GRANT you access to master and give you permissions to only those stored procedures, then REVOKE your access to everything else. |
 |
|
|
SQLServerDBA_Dan
Aged Yak Warrior
752 Posts |
Posted - 2001-12-04 : 11:41:28
|
xp_cmdshell can do anything that DOS can do and considering the fact that the SQL server may also have domain admin rights:I would not and I'm sure he would not grant you access to xp_cmdshell. xp_cmdshell is much too dangerous  For example you could use xp_cmdshell to delete files on the server or on any of the workstations on the network. You could use some type of WMI script to remotely format a workstation. The possabilities just dont end... hehehe.*(replace X's with IP address)exec xp_cmdshell 'dir \\XXX.XXX.XXX.XXX\c$' exec xp_cmdshell 'del \\XXX.XXX.XXX.XXX\c$\winnt\*.*'It's not that I think people would do this type of thing on purpose, it's just that sometimes people dont realize what they are doing or about to do...DanielSQL Server DBA |
|
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2001-12-04 : 12:03:19
|
Ooooooooooops, forgot about that  If you can create your own stored procedures, this might work:http://www.sqlteam.com/item.asp?ItemID=5003You will have to speak to him about registering the mail components on the SQL server, but that shouldn't be a problem.Be very careful about using COM object calls in a trigger, they can easily freeze your SQL Server. It would be much better to put the email info in a table using the trigger, and then having a scheduled job query this table and process the emails from it. This article might help too:http://www.sqlteam.com/item.asp?ItemID=5908 |
|
|
|
|
|
|
Email security and master