June 17, 2011 at 6:43 am
WayneS (6/16/2011)
Roy Ernest (6/16/2011)
Jeff, I am surprised that your session did not make the cut. I was looking forward to meeting you again. Darn.. Dont the MVPs get a special discount or something that you can come? This sucks. I know that Paul, Grant, Steve and Gail got their session approved. But I am not sure about Wayne.I am glad that I did not submit any sessions. This year I volunteered for the program committee and I am doing abstract editing and all kinds of stuff. If your session is not accepted, there is no chance that mine will. I was planning to submit one next year, but now I am not sure.
"Considered". Like most others, I didn't make the cut. (Too many submissions for the # of sessions.)
Edit: trying to get work to send me. They seem open... but at today's pricing, plus 2 pre-cons, + 6 nights in hotel, it's like $3600. We'll see what happens. I definitely want to see the Gail & Grant show! Adam's looks pretty interesting also (thankfully, they are on different days).
I always try to quantify the advantages for my employer !
In stead of using the crappy ROI stuff on the sqlpass site, which highlights on personal advantages, and the fun time, I keep an inventory of things that happened and how the conference helped me to cope with the issues, helped me to prepare the upgrade preparation and roll out(s), enhance DRP and security, ...
Of course, at DR times, your network can save your a**, but that's not what your employer is interested in !
I also bring into account, if I were to attend individual (point and click) MS courses, it would need more than the yearly conference cost !
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
June 17, 2011 at 6:43 am
quick straw poll if you don't mind guys -
how much access should developers have in a development environment?
---------------------------------------------------------------------
June 17, 2011 at 6:50 am
george sibbald (6/17/2011)
quick straw poll if you don't mind guys -how much access should developers have in a development environment?
As much as they need. Really, in a dev environment, I'm used to developers having full access to anything and everything. And none at all in production.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
June 17, 2011 at 6:53 am
george sibbald (6/17/2011)
quick straw poll if you don't mind guys -how much access should developers have in a development environment?
Sandbox - Everything, sa
Shared Environment - generally ddl_admin, security_admin, data_reader, data_writer + user permissions through app. Sometimes everything so that they can restore a database.
QA - user permissions through app, data_reader
Staging - user permissions through app
Production - "No, you can't have access to production."
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
June 17, 2011 at 7:28 am
cheers guys, not too far off my views, though I am not sure about security admin.
Gus, SA in dev, really? Should that ever be a necessity?
any more for any more?
---------------------------------------------------------------------
June 17, 2011 at 7:32 am
george sibbald (6/17/2011)
cheers guys, not too far off my views, though I am not sure about security admin.Gus, SA in dev, really? Should that ever be a necessity?
any more for any more?
Security admin lets them set permissions on the objects they create. I don't give them access_admin if I can help it.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
June 17, 2011 at 7:34 am
george sibbald (6/17/2011)
cheers guys, not too far off my views, though I am not sure about security admin.Gus, SA in dev, really? Should that ever be a necessity?
any more for any more?
Part of my requirement for dev is that it be set up in such a way that breaking it inconveniences nobody except the devs. If they have too much access, and misuse it, they don't get to do anything that matters, and if they break it, they have to answer to other devs as to why they can't work.
I've never yet had a problem with it. It allows them to do things that require extended permissions during proof-of-concept phases, and then cut back to what the application actually needs as they move forward.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
June 17, 2011 at 7:35 am
george sibbald (6/17/2011)
quick straw poll if you don't mind guys -how much access should developers have in a development environment?
None, they will only break it 😛
(only joking right ;-))
Far away is close at hand in the images of elsewhere.
Anon.
June 17, 2011 at 7:49 am
GSquared (6/17/2011)
george sibbald (6/17/2011)
quick straw poll if you don't mind guys -how much access should developers have in a development environment?
As much as they need. Really, in a dev environment, I'm used to developers having full access to anything and everything. And none at all in production.
Sort of ditto. We give them db_owner on certain dev databases. Other dev databases belong to the DBA team. They definitely don't get Sysadmin.
June 17, 2011 at 7:50 am
Grant Fritchey (6/17/2011)
george sibbald (6/17/2011)
cheers guys, not too far off my views, though I am not sure about security admin.Gus, SA in dev, really? Should that ever be a necessity?
any more for any more?
Security admin lets them set permissions on the objects they create. I don't give them access_admin if I can help it.
? t'other way round surely?
From BOL -
Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.
---------------------------------------------------------------------
June 17, 2011 at 7:54 am
[quote-0Part of my requirement for dev is that it be set up in such a way that breaking it inconveniences nobody except the devs. [/quote-0]
How do you do that Gus. I have found where devs have SA, when it becomes messy, it becomes the DBA's problem.
---------------------------------------------------------------------
June 17, 2011 at 8:49 am
george sibbald (6/17/2011)
Grant Fritchey (6/17/2011)
george sibbald (6/17/2011)
cheers guys, not too far off my views, though I am not sure about security admin.Gus, SA in dev, really? Should that ever be a necessity?
any more for any more?
Security admin lets them set permissions on the objects they create. I don't give them access_admin if I can help it.
? t'other way round surely?
From BOL -
Members of the securityadmin fixed server role manage logins and their properties. They can GRANT, DENY, and REVOKE server-level permissions. They can also GRANT, DENY, and REVOKE database-level permissions. Additionally, they can reset passwords for SQL Server logins.
Typo: db_securityadmin. Sorry about that.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
June 17, 2011 at 9:04 am
george sibbald (6/17/2011)
Part of my requirement for dev is that it be set up in such a way that breaking it inconveniences nobody except the devs.
How do you do that Gus. I have found where devs have SA, when it becomes messy, it becomes the DBA's problem.
The whole idea in the dev environment is that they SHOULD test stuff till they break it. That's how they find out how it can break.
If they aren't throwing injection attacks with real consequences into their dev code, they aren't testing it, and so on. Hopefully, and usually, they write code that prevents breakage. If they haven't, backups get restored, they wait for those (their inconvenience), and they fix what broke things.
I work with good devs. We've not yet had a problem caused by over-access, and the full sa level access allows them to make sure their code will still be as harmless as possible even if someone gets a rights-escalation attack to work.
If you don't grant full access, how do you otherwise test for that kind of scenario? You need to be sure that the code won't harm anything even if it has rights it really shouldn't, or you're opening yourself up if someone ever does escalate rights. Then, in QA and production, it has very reduced rights, and it's even safer.
But you first need to be sure you've mitigated the risk even in "worst case scenarios".
Honestly, if your main security against injection attacks (for example) is "they won't be able to do anything because of the account the application is connecting with", then you don't have security, you have a situation I call "cardboard cut-out guardians". They look like security guards from a distance, but, when it comes to actually stopping anyone, they just stand there and look good from a distance.
How do you deal with that? If there's a better method, I'm happy to hear it.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
June 17, 2011 at 9:06 am
Craig Farrell (6/17/2011)
WayneS (6/16/2011)
Edit: trying to get work to send me. They seem open... but at today's pricing, plus 2 pre-cons, + 6 nights in hotel, it's like $3600. We'll see what happens. I definitely want to see the Gail & Grant show! Adam's looks pretty interesting also (thankfully, they are on different days).I, personally, just want to hear her accent live. That accent speaking pure geek is nearly a pure aphrodisiac on the level of Viagra.
Crap, TMI again, didn't I?
Yup = you did
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
June 17, 2011 at 9:09 am
Grant Fritchey (6/17/2011)
george sibbald (6/17/2011)
quick straw poll if you don't mind guys -how much access should developers have in a development environment?
Sandbox - Everything, sa
Shared Environment - generally ddl_admin, security_admin, data_reader, data_writer + user permissions through app. Sometimes everything so that they can restore a database.
QA - user permissions through app, data_reader
Staging - user permissions through app
Production - "No, you can't have access to production."
Exactly...
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 15 posts - 27,421 through 27,435 (of 66,712 total)
You must be logged in to reply to this topic. Login to reply