February 21, 2002 at 5:21 pm
I have users creating and running dts packages on my production SQL servers.
Besides disabling the guest account, what other actions can I perform to prevent the creation and operation of unwanted packages.
February 21, 2002 at 6:58 pm
February 21, 2002 at 7:15 pm
Make sure also that non of the users have been set up as super users (sysadmin, sysoperators) and role that would genericly be able to perform creating DTS packages. Also make sure users have not been granted any permissions on any database they do not need access at all.
Don't roll your eyes at me. I will tape them in place.
March 13, 2002 at 3:44 pm
By removing access to the msdb (I assume you mean the guest account) you would lose the ability to track job history, backup history, and other run histories. You would also receive errors upon running backups, and since these are developers, they are very concerned over errors and such. Are there any specific stored procedures that we could dney access to? I think that would be a much better approch.
quote:
Remove access to msdb. Are these developers or normal users?Steve Jones
March 13, 2002 at 7:05 pm
What I amn sure Steve means is the users should not have any rights or access on MSDB. Jobs and such run under the context of sysaccount or SQLAgentExec so they should be fine. You may even (I say may as I have not tried) be able to deny rights to each user on "sysdtspackages" (sorry no SQL on this machine to verify name) which should allow them to build and execute pages but not be able to save (may do more in the way of prevention but again I have no way to check here). But keep in mind if they have rights to change permissions they can always change them back.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
Edited by - antares686 on 03/13/2002 7:06:36 PM
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply