June 11, 2013 at 8:25 am
Hi all,
I'm looking at a way of allowing a Jnr DBA user to create sql logins and then map those logins to users to what could be one or many databases. Ideally i want to do this without giving them sysadmin rights.
If i grant them the server level permission ALTER ANY LOGIN then they are able to create the login but not able to then map the login to a database. I think if i give the Jnr DBA user the ALTER USER permission then this would work but as this is a database level permission i didnt really wont to do this on every database.
Any ideas would be much appriciated.
Many thanks
Frant
June 11, 2013 at 8:31 am
Looks to me that you may need to write a procedure that is granted the necessary privileges to accomplish this task for the Jr DBA's based on information they pass to the stored procedure.
May I ask why you restrict the rights of the Junior DBA? To me a DBA is a DBA and needs the rights necessary to do the job and tasks assigned.
June 11, 2013 at 8:52 am
In this case i'm just using Jnr DBA as a title maybe i should have said co-worker. Currently the login creation task would be the only sql function they would be doing. Hence why i was reluctant to give them sysadmin rights
Thanks
frant101
June 11, 2013 at 9:00 am
I stick with my original suggestion, write a stored procedure that does the work with elevated permissions based on data passed into the procedure and give your co-worker execute permission to that stored procedure.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply