Permissions for Developers

  • hi,

    If you are a SQL Server DBA, what do you allow your programmers/developers to do on a.) the test server versus b.) the production database server?

    - create job?

    - deploy SSIS package?

    Looking for ideas. Thanks, John

  • If you can separate the duties, developers have no access to production except maybe read rights so they can look at live data while diagnosing a problem.

  • I 110% agree with that! And, there may be restrictions on some other tables, as well. For example, tell me why a developer would need to know anyone else's salary?

    --Jeff Moden



  • Jeff Moden (2/2/2009)


    I 110% agree with that! And, there may be restrictions on some other tables, as well. For example, tell me why a developer would need to know anyone else's salary?

    Only reason I can come up with, the problem they are working on affects salary. How can you solve a problem if you can't check the data? This is where integrity and trust come into play. If they violate that trust, they are out the door with NO QUESTIONS ASKED!

  • Jeff Moden (2/2/2009)


    For example, tell me why a developer would need to know anyone else's salary?

    For sensitive data like that I would encrypt the data even if I trust them :)

  • John Bates (2/2/2009)


    hi,

    If you are a SQL Server DBA, what do you allow your programmers/developers to do on a.) the test server versus b.) the production database server?

    - create job?

    - deploy SSIS package?

    Looking for ideas. Thanks, John

    In production, developers have only read permissions, via db_datareader in databases that don't contain sensitive data. In development, they can create objects (db_ddladmin) in databases they're assigned to program for. They also have read and write permission (db_datareader, db_datawriter) in those databases. They can't create jobs or deploy packages. They can create packages and save them to VSS, but the DBAs deploy them to the server.

    Greg
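
Added example, not part of any post in this thread: the role layout Greg describes, written as T-SQL, with a table-level DENY for the kind of restriction Jeff mentions and a check that developers hold no job or package roles. The login [CORP\DevTeam], the databases SalesDev and SalesProd, and the table dbo.Payroll are assumed names; ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later.

```sql
-- Assumed (hypothetical) names: login [CORP\DevTeam], databases SalesDev / SalesProd,
-- table dbo.Payroll. The login must already exist on each server.

-- Development server: developers create objects and read/write data
-- in the databases they are assigned to.
USE SalesDev;
GO
CREATE USER [CORP\DevTeam] FOR LOGIN [CORP\DevTeam];
ALTER ROLE db_ddladmin   ADD MEMBER [CORP\DevTeam];
ALTER ROLE db_datareader ADD MEMBER [CORP\DevTeam];
ALTER ROLE db_datawriter ADD MEMBER [CORP\DevTeam];
GO

-- Production server: read-only access, and only in databases
-- without sensitive data.
USE SalesProd;
GO
CREATE USER [CORP\DevTeam] FOR LOGIN [CORP\DevTeam];
ALTER ROLE db_datareader ADD MEMBER [CORP\DevTeam];
-- A DENY takes precedence over the SELECT that db_datareader grants,
-- so this one table stays unreadable to the developers.
DENY SELECT ON OBJECT::dbo.Payroll TO [CORP\DevTeam];
GO

-- Audit on either server: developers should hold none of the msdb roles
-- that allow creating SQL Agent jobs or deploying SSIS packages.
-- An empty result for the developer principals is the expected state.
USE msdb;
GO
SELECT r.name AS role_name,
       m.name AS member_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'SQLAgentUserRole', N'SQLAgentReaderRole', N'SQLAgentOperatorRole',
                 N'db_ssisadmin', N'db_ssisltduser', N'db_ssisoperator')
ORDER BY r.name, m.name;
GO
```

Members of the sysadmin server role bypass both the DENY and the msdb role check, so review that membership separately.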
