Pages

Tuesday, September 5, 2017

Uptight Database Security

If you need a practical approach to managing database administrator access without always granting the sysadmin role to your database administrators then I encourage you to vote for my GroupBy session for the December lineup. 


As the SQL Server security model has become more granular, it is now easier to do routine database administration without sysadmin access. Starting with SQL Server 2005, administering SQL Server without sysadmin access is now possible for many of the typical DBA tasks.

For example, a DBA only needs the ALTER SETTINGS permission to use the sp_configure command on a database instance. To run SELECT queries on Database Management Views requires either VIEW SERVER STATE or VIEW DATABASE STATE depending on the DMV being queried. To use Query Store requires only VIEW DATABASE STATE. CONTROL SERVER can be granted to DBAs that allows them to do almost all the tasks that sysadmin allows but unlike the sysadmin role, it can be DENYED access to data that the business considers sensitive.

This session will review a proven process for managing database administrators permissions without giving uncontrolled sysadmin access.

If you want more practical advice on how to manage database administrator access, vote for this session.

Thank you for your consideration.