Solved

Restrict SQL admin user

Posted on 2006-11-09
6
287 Views
Last Modified: 2008-03-04
We have a user who administers our SQL server.  He currently has the domain admin user account.  We would like to restrict him to the SQL server and a shared folder on another server.  What is the best way of loking him out of all other functionality.  He will probably need to log in via RDP.

Thanks
0
Comment
Question by:kapara
  • 3
  • 2
6 Comments
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17911848
If this is SQL2000, yuo have some options with varying levels of security:

Option A:

1. Just make him local administrator on the SQL Server

Option B:
1. Give him a standard windows account
2. Add that windows account as a login to the SQL Server
3. Add him to the 'System Administrators' role in SQL Server


Both of these options will give him administrative rights for the SQL Server as far as DBA tasks go.

Option A will of course also give him administrative rights to the entire SQL Server


In addition you will also need to give him access to the shared folder.
0
 
LVL 1

Author Comment

by:kapara
ID: 17912064
The SQL server is also a DC.
0
 
LVL 30

Expert Comment

by:nmcdermaid
ID: 17912448
So I assume that means option B.

If you take option B then in actual fact you don't even need to set up RDP, he can just use standard SQL Server client tools from a workstation.

It depends on exactly what DBA tasks he's doing as to whether he needs to log on to the server.

0
 
LVL 1

Author Comment

by:kapara
ID: 18148532
Will he need direct access to the folder where the db files are located or can he do everything he needs from the SQL client tools or sql manager?
0
 
LVL 30

Accepted Solution

by:
nmcdermaid earned 500 total points
ID: 18150620
No he can perform 95% of database administration through the SQL Server service. No one needs any file access to anything.

If your DBA needs to move or defrag the db files he will need access, but this really doesn't happen very often. If you DBA is just maintaining tables and indexes and stuff then he will be fine through the client tools.

0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
Introduction SQL Server Integration Services can read XML files, that’s known by every BI developer.  (If you didn’t, don’t worry, I’m aiming this article at newcomers as well.) But how far can you go?  When does the XML Source component become …
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Via a live example, show how to shrink a transaction log file down to a reasonable size.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now