Solved

Restrict SQL admin user

Posted on 2006-11-09
6
296 Views
Last Modified: 2008-03-04
We have a user who administers our SQL server.  He currently has the domain admin user account.  We would like to restrict him to the SQL server and a shared folder on another server.  What is the best way of loking him out of all other functionality.  He will probably need to log in via RDP.

Thanks
0
Comment
Question by:kapara
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17911848
If this is SQL2000, yuo have some options with varying levels of security:

Option A:

1. Just make him local administrator on the SQL Server

Option B:
1. Give him a standard windows account
2. Add that windows account as a login to the SQL Server
3. Add him to the 'System Administrators' role in SQL Server


Both of these options will give him administrative rights for the SQL Server as far as DBA tasks go.

Option A will of course also give him administrative rights to the entire SQL Server


In addition you will also need to give him access to the shared folder.
0
 
LVL 1

Author Comment

by:kapara
ID: 17912064
The SQL server is also a DC.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17912448
So I assume that means option B.

If you take option B then in actual fact you don't even need to set up RDP, he can just use standard SQL Server client tools from a workstation.

It depends on exactly what DBA tasks he's doing as to whether he needs to log on to the server.

0
 
LVL 1

Author Comment

by:kapara
ID: 18148532
Will he need direct access to the folder where the db files are located or can he do everything he needs from the SQL client tools or sql manager?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 18150620
No he can perform 95% of database administration through the SQL Server service. No one needs any file access to anything.

If your DBA needs to move or defrag the db files he will need access, but this really doesn't happen very often. If you DBA is just maintaining tables and indexes and stuff then he will be fine through the client tools.

0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSRS  - Parameters with comma 10 40
SQL XPCMDSHELL SQLCMD 1 38
Any benefit to adding a Clustered index here? 4 37
Total count in section based report in SSRS 10 6
Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question