Solved

Restrict SQL admin user

Posted on 2006-11-09
6
293 Views
Last Modified: 2008-03-04
We have a user who administers our SQL server.  He currently has the domain admin user account.  We would like to restrict him to the SQL server and a shared folder on another server.  What is the best way of loking him out of all other functionality.  He will probably need to log in via RDP.

Thanks
0
Comment
Question by:kapara
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17911848
If this is SQL2000, yuo have some options with varying levels of security:

Option A:

1. Just make him local administrator on the SQL Server

Option B:
1. Give him a standard windows account
2. Add that windows account as a login to the SQL Server
3. Add him to the 'System Administrators' role in SQL Server


Both of these options will give him administrative rights for the SQL Server as far as DBA tasks go.

Option A will of course also give him administrative rights to the entire SQL Server


In addition you will also need to give him access to the shared folder.
0
 
LVL 1

Author Comment

by:kapara
ID: 17912064
The SQL server is also a DC.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17912448
So I assume that means option B.

If you take option B then in actual fact you don't even need to set up RDP, he can just use standard SQL Server client tools from a workstation.

It depends on exactly what DBA tasks he's doing as to whether he needs to log on to the server.

0
 
LVL 1

Author Comment

by:kapara
ID: 18148532
Will he need direct access to the folder where the db files are located or can he do everything he needs from the SQL client tools or sql manager?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 18150620
No he can perform 95% of database administration through the SQL Server service. No one needs any file access to anything.

If your DBA needs to move or defrag the db files he will need access, but this really doesn't happen very often. If you DBA is just maintaining tables and indexes and stuff then he will be fine through the client tools.

0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question