Solved

Restrict SQL admin user

Posted on 2006-11-09
6
285 Views
Last Modified: 2008-03-04
We have a user who administers our SQL server.  He currently has the domain admin user account.  We would like to restrict him to the SQL server and a shared folder on another server.  What is the best way of loking him out of all other functionality.  He will probably need to log in via RDP.

Thanks
0
Comment
Question by:kapara
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17911848
If this is SQL2000, yuo have some options with varying levels of security:

Option A:

1. Just make him local administrator on the SQL Server

Option B:
1. Give him a standard windows account
2. Add that windows account as a login to the SQL Server
3. Add him to the 'System Administrators' role in SQL Server


Both of these options will give him administrative rights for the SQL Server as far as DBA tasks go.

Option A will of course also give him administrative rights to the entire SQL Server


In addition you will also need to give him access to the shared folder.
0
 
LVL 1

Author Comment

by:kapara
ID: 17912064
The SQL server is also a DC.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17912448
So I assume that means option B.

If you take option B then in actual fact you don't even need to set up RDP, he can just use standard SQL Server client tools from a workstation.

It depends on exactly what DBA tasks he's doing as to whether he needs to log on to the server.

0
 
LVL 1

Author Comment

by:kapara
ID: 18148532
Will he need direct access to the folder where the db files are located or can he do everything he needs from the SQL client tools or sql manager?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 18150620
No he can perform 95% of database administration through the SQL Server service. No one needs any file access to anything.

If your DBA needs to move or defrag the db files he will need access, but this really doesn't happen very often. If you DBA is just maintaining tables and indexes and stuff then he will be fine through the client tools.

0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Introduced in Microsoft SQL Server 2005, the Copy Database Wizard (http://msdn.microsoft.com/en-us/library/ms188664.aspx) is useful in copying databases and associated objects between SQL instances; therefore, it is a good migration and upgrade tool…
Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now