Post reply

Give Developers permission to read error log with less to no other privileges

  • August 26, 2009 at 6:53 am

    #133254

    I need to give some of the developers and some other logins access to read the error log. The problem is you need to be a member of the securityadmin to read the error log which then exposes a lot of other permissions. Can anyone tell me how to solve this? And yes sharing the folder where the log is saved is not an option right now.

  • August 26, 2009 at 7:34 am

    #1044833

    I am able to bring down the permissions to very low by using the following commands.

    Deny All to Login_Name

    Deny Alter Any Login to Login_Name

    Grant Execute master.sys.xp_ReadErrorLog To Login_Name

    This will help in not allowing the login to create other logins, create jobs and others and will allow you to view the error log. However it is still able to Grant permissions to other Logins.

    Can someone tell me how I can remove the Grant permission from the login.

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply