February 11, 2010 at 3:02 pm
What Fixed server role required for Object creation in sys databases?
Does login/connected user have to be db_owner, dbo or sysadmin [server role]?
I'm trying to downgrade privileges for application owners that are doing admin and configuration to SQL databases through app UI. Some of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).
Thanks,
Zee
February 12, 2010 at 2:07 am
ZeeAtl (2/11/2010)[hrSome of these apps through these users connections are creating objects in tempdb (e.g. User Defined Table).
Why? In general stuff like that is a bad idea with lots of support nightmares. Remember TempDB is completely recreated whenever SQL starts. Anything (tables, permissions, etc) in there is dropped.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
February 12, 2010 at 6:15 am
I have no control over it. It is simply an operation that is executed with certain application activities. I'm not sure what the final result is.
My question is whether with these "black-box" behind the scenes operations going on, does that account connecting to SQL Server need to be sysadmin to have privileges to do this?
In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases? I would assume not, but I'm unsure.
Thanks.
February 12, 2010 at 7:08 am
No it cannot...
February 12, 2010 at 7:18 am
ZeeAtl (2/12/2010)
In essence, can a non-Sysadmin, non-DBO, or non-db_owner role member create objects in the system databases?
Yes. Ddl_admin is more than sufficient.
Do note that TempDB is recreated completely on every start and hence all user permissions and tables will disappear. You need a way to put the permissions (and any necessary tables) back after a restart. Not trivial.
Is this 'operation' something written by in-house developers or is it a 3rd part vendor?
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
February 12, 2010 at 11:16 am
Third party application. I have no idea what the app is doing. It is hitting TempDB more than infrequently though.
Thx,
Zee
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply