Post reply

Controling sysadmin fixed server role permissions...

  • April 16, 2007 at 9:37 am

    #175858

    Hai all,

      Can any one tell me how one can control sysadmin fixed server role permissions in sql server ?

    For ex: I have created two logins with "sysadmin" permissions, now one of them logged to the server and does some modifications to the databases. Now how does the other person(other login, which has same sysadmin permission) knows these modifications, when he log in to the server. Does it makes sense.

    Thanks, in advance.

    Y.Kiran Kumar.

    Regards,

    -Kiran

  • April 16, 2007 at 10:20 am

    #700732

    You can't control the permissions for the role.  As the name suggests, permissions are "fixed" and can't be changed. 

    If both logins are members of the sysadmin role, they should see the same thing when connected to the instance.  Are there specific modifications that the first login made that the second login can't see?

    Greg

    Greg

  • April 19, 2007 at 11:15 am

    #701517

    Thanks Greg,

      My question was how will the second sysadmin get an alert or saved on a log file about the changes made by the first sysadmin. What my intention is that sysadmin had very highlevel of permissions on controling objects in sqlserver, so is there any way to control his powers/permissions which he can only apply his permissions on some specific objects so that at later when he do any changes on that object simply an alert will pop-up. I hope you understand my question.

    Thanks,

    Y.Kiran Kumar.

    Regards,

    -Kiran

  • April 19, 2007 at 12:18 pm

    #701548

    "so is there any way to control his powers/permissions which he can only apply his permissions on some specific objects"

    No.  As I posted before, there's no way to restrict sysadmin permissions.

    "later when he do any changes on that object simply an alert will pop-up."

    Now, I think you're talking about monitoring the actions of sysadmin.  As it happens, I'm currently researching the use of DDL triggers and Event Notifications in SQL 2005.  I haven't gotten far enough to be able to instruct you how to set it up, but you can find info on this site and in BooksOnLine by searching for "DDL triggers" and "Event Notification".

    Greg

    Greg

  • April 20, 2007 at 1:06 am

    #701637

    Thanks Greg,

      I'll go through the BooksOnLine as you said and try to get information for the "DDL trigges" and "Event Notification" in SQL Server 2005.

    Y.Kiran Kumar.

    Regards,

    -Kiran

  • July 4, 2007 at 2:54 am

    #717091

    Also read on server side tracing that might help you more.

    Cheers,
    Sugeshkumar Rajendran
    SQL Server MVP
    http://sugeshkr.blogspot.com

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply