Post reply

permissions for developers to see SQL error logs.

  • September 21, 2014 at 11:57 pm

    #293343

    Hi All,

    One of my client wants permission for developers to see SQL error logs from Management studio, what permissions are required for developers to see SQL error logs.

    What I think is that if we grant execute on Xp_readerrorlog stored procedure in Master database, to which client came back and told that they are not able to see error logs.

    And if we grant them view server state permissions then there is/will be lot of security violations.

    Please help me on how to proceed with granting developers permissions to see SQL error logs through Management studio?

    Thanks.

  • September 22, 2014 at 12:58 am

    #1746941

    In order to use the Log File Viewer in SSMS the login requires membership in the securityadmin role. Which this role is to be treated the same as sysadmin role, so I expect that is not an option.

    Alternatively you can grant them execute permissions on sp_readerrorlog which I tend to use more than the log file viewer anyway. It is more useful in filtering out garbarge that I don't want to see.

    Shawn Melton
    Twitter: @wsmelton
    Blog: wsmelton.github.com
    Github: wsmelton

  • September 22, 2014 at 1:09 am

    #1746945

    Thanks for your reply, I have asked customer to grant execute permission on sp_readerrorlog, but then they came back and said that is working s they are not able to see error logs.

    Is there any other permission levels or please advice me how to recommend me how to proceed with this?

    Thanks.

  • September 22, 2014 at 1:48 am

    #1746952

    rajeshdba83 (9/22/2014)

    Thanks for your reply, I have asked customer to grant execute permission on sp_readerrorlog, but then they came back and said that is working s they are not able to see error logs.

    Is there any other permission levels or please advice me how to recommend me how to proceed with this?

    Thanks.

    Granting permissions to sp_readerrorlog is not going to allow them to view anything from the log file viewer in SSMS. They are going to have to execute T-SQL commands in order to view the data.

    So for them to see the current error log data requires them to execute this command for a query window:

    USE [master];

    GO

    SET NOCOUNT ON;

    EXEC sp_readerrorlog

    If they want to only find messages related to a certain string value in the current error log:

    USE [master];

    GO

    SET NOCOUNT ON;

    EXEC sp_readerrorlog 0, 1, 'Login failed';

    GO

    Shawn Melton
    Twitter: @wsmelton
    Blog: wsmelton.github.com
    Github: wsmelton

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply