May 2, 2018 at 2:48 am
I created a couple of "light weight" server side traces but the files seem to be created with very unfriendly permissions.
In order to read the file, I need to take ownership, change permissions, or copy the file, all of which is inconvenient.
How can I choose the default permissions on these trace files?
May 2, 2018 at 6:05 am
Likely the easiest solution would be to set the permissions you need on the parent folder and enable inheritance of the permissions.
BUT depending on where your trace files are going, if there are other files besides the trace in that folder, you could introduce new problems or potential security holes. Your best bet would be to create a dedicated folder for the trace to put its files in, set the permissions and inheritance on that folder, and go.
If you have a security team / person, I'd also suggest checking with them about this, just to play it safe.
May 3, 2018 at 10:24 am
I tried but did not succeed...
my traces are going to a folder Z:\SQLTraces
I disabled inheritance on the folder Z:\SQLTraces, then set the permission on it to everyone Read/Execute
Yet, when files are created in there by SQL Server, I have to take ownership one file at a time...
It looks like the files are created with very strict (lack of) permissions.
May 3, 2018 at 11:01 am
Eric Mamet - Thursday, May 3, 2018 10:24 AM
I tried but did not succeed...
my traces are going to a folder Z:\SQLTraces
I disabled inheritance on the folder Z:\SQLTraces, then set the permission on it to everyone Read/Execute
Yet, when files are created in there by SQL Server, I have to take ownership one file at a time...
It looks like the files are created with very strict (lack of) permissions.
You would want inheritance enabled so that the files that get created in that folder inherit the same permissions from the folder.
Sue
May 3, 2018 at 2:05 pm
There is no way to set specific permissions on trace files; permissions for trace files are not inherited from the folder. It is the same behaviour as for DB files.
https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/
May 3, 2018 at 3:31 pm
e4d4 - Thursday, May 3, 2018 2:05 PM
There is no way to set specific permissions on trace files; permissions for trace files are not inherited from the folder. It is the same behaviour as for DB files.
https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/
Sorry, I forgot about how it overwrites any inheritance. Thanks for the reminder on that.
Sue
May 3, 2018 at 5:05 pm
e4d4 - Thursday, May 3, 2018 2:05 PM
There is no way to set specific permissions on trace files; permissions for trace files are not inherited from the folder. It is the same behaviour as for DB files.
https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/
Interesting, I'm wondering if it behaves the same with Audit files.
May 4, 2018 at 2:39 pm
jasona.work - Thursday, May 3, 2018 5:05 PM
e4d4 - Thursday, May 3, 2018 2:05 PM
There is no way to set specific permissions on trace files; permissions for trace files are not inherited from the folder. It is the same behaviour as for DB files.
https://blogs.msdn.microsoft.com/psssql/2008/06/25/how-it-works-trace-trc-file-security/
Interesting, I'm wondering if it behaves the same with Audit files.
I was playing with it today - it looks like it's just the trace files, as I can see the inheritance and permissions on the other file types. Interesting that extended events files have the permissions inherited from the folder.
Sue
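Added example, not part of any post in this thread: a PowerShell check that lists, for each output file in the trace folder, its owner, whether inheritance is blocked on the file, and which access entries are explicit rather than inherited, so the behaviour discussed above can be compared across .trc, .xel and audit files. The folder Z:\SQLTraces comes from the thread; the function name and the extension list are assumptions for illustration.

```powershell
# Added example. Z:\SQLTraces is the folder named in the thread; the
# extension list and the function name are assumptions for illustration.
param(
    [string]$Folder = 'Z:\SQLTraces',
    [string[]]$Extensions = @('.trc', '.xel', '.sqlaudit')
)

function Get-SqlOutputFileAcl {
    param([string]$Path, [string[]]$Extensions)

    Get-ChildItem -LiteralPath $Path -File |
        Where-Object { $Extensions -contains $_.Extension } |
        ForEach-Object {
            $row = [ordered]@{
                File = $_.Name; Type = $_.Extension; Owner = $null
                InheritanceBlocked = $null; InheritedAces = $null; ExplicitAces = $null
                ExplicitGrants = $null; Error = $null
            }
            try {
                # Fails when the caller is not allowed to read the file's
                # security descriptor; the error is reported per file.
                $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
                $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
                $row.Owner = $acl.Owner
                $row.InheritanceBlocked = $acl.AreAccessRulesProtected
                $row.InheritedAces = @($acl.Access | Where-Object { $_.IsInherited }).Count
                $row.ExplicitAces = $explicit.Count
                $row.ExplicitGrants = ($explicit | ForEach-Object {
                    '{0}:{1}:{2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
                }) -join '; '
            } catch {
                $row.Error = $_.Exception.Message
            }
            [pscustomobject]$row
        }
}

# Folder ACEs that are flagged to propagate to files (ObjectInherit).
(Get-Acl -LiteralPath $Folder).Access |
    Where-Object { $_.InheritanceFlags -band [System.Security.AccessControl.InheritanceFlags]::ObjectInherit } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize

Get-SqlOutputFileAcl -Path $Folder -Extensions $Extensions |
    Sort-Object Type, File | Format-List
```

A file that picked up the folder's permissions shows a non-zero InheritedAces count; a file with InheritanceBlocked set to True and only explicit entries did not.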