May 21, 2006 at 2:29 pm
Is it necessary to have DBAs with local machine user accounts with full local administration rights on a SQL server? We use SQL authentication.
Since administrators have rights to shut down the machine, it seems more appropriate to give them all access they need except the reboot. Event logs are cleared after a day, so I cannot go back and see who did this. I trust most of them, but I am sure that there is a better way to give them access and keep me from unpleasant surprises....
This came up when the SQL server got rebooted without my knowledge. Unfortunately, this box has three instances of SQL installed and is used for customer facing activity as well as internal development--soon to change. Until then, I really do not want anyone bouncing the box without advance notice as it affects others--not just the DBA group.
I removed named users from the local admin account group. I would prefer to grant them access through a domain account logon in the sysadmin group as opposed to allowing full administrative rights to the local machine. Any suggestions?
May 22, 2006 at 8:09 am
DBAs with local admin access to the SQL Server box. Speaking as a DBA, no it's not really necessary. HOWEVER, that means we can't install updates, patches, etc. So you have to do that. And since it's important, I need it done now. Remember, the patch has to be applied to each instance separately and we have five instances on one server. Plus don't forget all the MSDE installs on almost every computer.
Come on, get it done quickly....there's a bad worm that affects SQL Server and I want my instances patched. (remember Slammer?)
-SQLBill
May 22, 2006 at 9:50 pm
Strictly speaking, it is not necessary for DBAs to be administrators of the systems themselves. It tends to make the job easier for everyone around, and so some organizations consider that flexibility worth the risk.
Let me say, though, that I don't think your core problem is that your DBAs have administrative access to the server. This statement greatly troubles me:
"Since administrators have rights to shut down the machine, it seems more appropriate to give them all access they need except the reboot. Event logs are cleared after a day, so I cannot go back and see who did this. I trust most of them, but I am sure that there is a better way to give them access and keep me from unpleasant surprises...."
What you are saying is you have no audit trail. You have a customer facing system and if it were compromised, you do not have security event logs past a day out with which to do forensics on. This is not good. If you're worried about the size of the logs, there are tools out there (free, even) which can extract the logs and archive them off. I suggest you look into that first, because this is a bigger problem than whether or not the DBAs should have administrative rights.
Also, unless you are the only system administrator outside of the DBA group, it may very well have been another system administrator who rebooted the system without your knowledge. Only your event log will be able to reveal such information. And I say this as another system administrator as my primary responsibilities for my organization are more on directory services and server security than on SQL Server nowadays.
K. Brian Kelley
@kbriankelley
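An added example, not part of the original posts: one way to answer "who rebooted the box" and to archive the logs before they roll over, using the built-in `Get-WinEvent` cmdlet and `wevtutil` on a current Windows Server from an elevated PowerShell session. The archive path and the 256 MiB size are assumptions to adjust for your environment.

```powershell
# Added example. $ArchiveDir is an assumed placeholder; prefer a location
# that local administrators of this server cannot modify.
$ArchiveDir = 'D:\EventLogArchive'
$Stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$Logs       = 'System', 'Security', 'Application'

# 1. Who initiated recent shutdowns or restarts?
#    System log event 1074 (provider User32) records the user, process and action.
#    6008 = previous shutdown was unexpected; 6005/6006 = Event Log service start/stop.
$filter = @{ LogName = 'System'; Id = 1074, 6005, 6006, 6008 }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    ForEach-Object {
        $p      = $_.Properties
        $is1074 = ($_.Id -eq 1074 -and $p.Count -ge 7)
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            # 1074 insertion strings, in order: process, computer, reason,
            # reason code, shutdown type, comment, user
            User    = if ($is1074) { $p[6].Value } else { $null }
            Process = if ($is1074) { $p[0].Value } else { $null }
            Action  = if ($is1074) { $p[4].Value } else { $null }
        }
    } | Format-Table -AutoSize

# 2. Archive each log to a timestamped .evtx file so history survives
#    past the local retention window.
New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
foreach ($log in $Logs) {
    $dest = Join-Path $ArchiveDir "$env:COMPUTERNAME-$log-$Stamp.evtx"
    wevtutil epl $log $dest
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Export of $log failed (exit code $LASTEXITCODE)"
    }
}

# 3. Raise the maximum log size (bytes) and overwrite oldest events only
#    when full, so a busy day does not push out the evidence.
foreach ($log in $Logs) {
    wevtutil sl $log /ms:268435456 /rt:false
}
```

Run step 2 as a scheduled task if the logs must be kept off-box; anyone with local administrator rights can still clear the local copies.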