December 24, 2008 at 4:07 am
HI all,
I have the permissions of db_owner,db_accessadmin and db_securityadmin and I tried to create a user with sp_adduser but iam getting the following error:
"User 'xxx" doesnt have permissions to run DBCC audit Event."
Can any one help me in it?
Regards
MAnjula
December 24, 2008 at 10:58 am
In SQL 2000, only dbo (not just member of db_owner) and members of sysadmin can execute sp_adduser. Try using sp_grantdbaccess instead.
Greg
December 24, 2008 at 12:20 pm
Hi ,
Thanks.I got it.
Ihave another doubt.Is segregation of duties possible in sql2000/sql 2005.
like all dba tasks separate and security admin tasks separate.
Kindly provide me answer for this.
Thanks in advance
MAnjula
December 29, 2008 at 12:26 pm
It depends on your definition of "dba tasks". The DBAs in my organization are members of the sysadmin server role and we don't farm out administrative duties to non-DBAs.
If you look at the definition of the securityadmin server role in BOL, you see that it can only GRANT, DENY, and REVOKE server-level permissions and database-level permissions.
Greg
December 30, 2008 at 1:32 am
Thanks Greg.But DBA who is having Sysadmin role will have the Security Priviliges like GRANT,REVOKE & DENY also.So our company wants to separte the tasks. Is it possible to have alternative roles to perform DBA tasks instead of Sysadmin role. correct me if am wrong.
December 30, 2008 at 9:27 am
You probably should read about the privileges of the various fixed server roles and fixed database roles in BOL. You can't create custom server roles, but you can create your own database roles, so you may be able to separate duties somewhat.
Greg
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply