Access required to grant fixed role membership to database user

  • Hi DBAs, I have a question related to database security.

    We hired a team to perform access provisioning and removal from database. The main function of the team will be to control database security access only. Thus we don't want to give them db_owner or sysadmin level of permission.

    We tried with providing the team db_securityadmin and db_accesadmin but those are not sufficient roles. Can someone suggest workaround to provide access to the team to manage database level security i.e.

  • So what does this team need to do, which is not covered by db_securityadmin and db_accessadmin? Without this information, your question is somewhat difficult to answer.

    I note in Books Online that it says: "Adding members to fixed database roles requires membership in the db_owner fixed database role." And that's a good thing, or else the team members could add themselves to db_owner.

    Maybe the best if you give the team a copy of the database, and then you can use a tool like Red Gate's SQLCompare, or SQL Server Data Tools to replicate permissions and other security-related things from their copy once they are done. Or simply ask the team to produce a script that you can review.

    [font="Times New Roman"]Erland Sommarskog, SQL Server MVP, www.sommarskog.se[/font]

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply