Okay, once again the blind leading the blind here are seeking advice
from some of you with longer vision. We bought a server and SQL Server
7.0 Enterprise Addition, and had it installed on the campus network.
The network administrator naturally has concerns about keeping the
network running smoothly, and for that reason we decided it might be
best if I could do my job without being in the sysadmin group, and they
are willing to work with me on those occassions where I need something
done that requires sysadmin permissions.
Well, it is quickly becoming apparent that I have more reason to figure
out what can be done with SQL Server than they do, and we are tossing
around ideas about how to expand my access to the functionality of SQL
Server without implementing a policy that may come back to bite the
network if a) I do something really stupid or b) I leave and my
replacement assumes my permissions and does something really
Bottom line, they don't care how much I*up SQL Server (though
obviously I do and plan not to*it up), as long as I can't*
up the network connections to the server itself, or mess with anything
else on the network. So they don't really want me having local domain
server permissions, but don't care what permissions I have inside SQL
So here is one idea we are tossing about. It seems that making me a
member of the db_owner group in Master and MSDN lets me see what is
going on, make configuration changes internal to SQL Server, and use
all the stored procedures and Extended Stored Procedures that ship with
the product. That would greatly enhance my ability to work with SQL
Server on administrative tasks without needing to meet with one of the
network administrators and have him log in as a sysadmin. But what
should we be concerned about with this strategy? Are there things that
should be explicitly denied my account in order to protect the
network? SQL Server 7.0/Windows 2000 Server/Pure Windows 2000 network
specific comments are particularly helpful.
Thanks in advance for any advice/cautions/reassurances.
Bob Duniway - Recovering Gifted Child
Sent via Deja.com