February 10, 2011 at 8:51 am
My Windows System Administrators are concerned about adding my Windows account to allow me to access the DATA and BACKUP folders. I am the DBA and in the "sysadmin" server role within SQL Server. They think that since the standard installation locks down the DATA and BACKUP folders in Windows 2008, it is inappropriate to allow anyone access to those folders for security reasons.
What I'm wondering is what NTFS rights or processes DBAs are using to copy files to and from the BACKUP and DATA folders.
For example, say you want a copy of a database backup so you can copy it to another server: how do you get access to the directory that contains the backup? Do you have rights to the installed backup directory? Or do you just create your own backup directory and write to that?
What about if you want to copy an mdf and ldf file into the DATA folder so you can attach it? How do you do that, and what rights are you given to the DATA folder that SQL Server installs? Or do you just create a secondary DATA folder and attach it from there?
I personally think DBAs in the "Sysadmin" server role should be given some rights to those underlying SQL Server installation folders. I can totally trash SQL Server with my "Sysadmin" right and create backups wherever I choose. Is it really more secure to not allow a sysadmin rights to the underlying SQL Server installation folders?
I need a reality check!!! Maybe I'm living in the twilight zone.
February 13, 2011 at 9:16 am
DBAs should have read/write/copy/paste permission on all SQL Server folders.
February 14, 2011 at 12:46 am
Yep, you should have that permission. Ask your manager or N/W to grant the required privilege.
If you don't have any choice then go for "cmdshell" (security risk).
Muthukkumaran Kaliyamoorthy
https://www.sqlserverblogforum.com/
February 24, 2011 at 2:26 am
I think the DBA could access these folders if the SQL Server service account has the permission.
February 24, 2011 at 3:44 am
These are interesting discussions between OS ppl and SQL DBA'ers. If the discussion ends with you not having the NTFS rights, you can always ask for a share of those folders.