Security problem with Exact software

  • In our company we use Exact Globe 2000 administration software. The users want to make backup's with this application. What the application does is:

    - Detach database (with sp_detach_db)

    - Rename database files

    - Make an backup

    - Rename database files

    - Attach database (with sp_attach_db)

     

    The problem is that the users must be member of the sysadmin role. But there is no way that I grant this role to the users, because they can do everything on the server.

    Is there an possibility to make an role that can do DBCC commands en have the Create Database role ?

     

    Thanks in advance,

     

    Ton

     

  • >Is there an possibility to make an role that can do DBCC commands en have the Create Database role ?

    Well, yes there is, but since the software is using sp_detach_db sysadmin role is necessary. It sounds like a pretty strange way to do backups, why don't they just do online backups?

  • Hi Chris,

     

    I agree that it is an strange way to backup, but this kind of software is strange....

    Can you tell me how to make an role which can do the DBCC DETACHDB command ?

    Thkx

    Ton

     

  • Hi,

    At our company we also use Exact Software (I agree with you - this kind of software is strange!) and for backups we use the SQL Backup command, performed by a DBA. In our company more than 1 user works in an administration (database) so a Detach is out of the question!

    JP

     

  • I do not think you can create a role for giving rights to DBCC DETACHDB. Since there is no permissions check in sp_detach_db I assume it is a hardcoded check in DBCC DETACHDB that makes sure the user is sysadmin.

    But it seems from the post by JP that it should be possible to do normal backups, instead of detach/attach behaviour? Would that not be a solution?

  • Hi JP,

    Are you an expert of Exact ? Cause I have a few questions about it.

    Is an SQL Server backup exactly tjhe same as an Exact Backup ?

    Is it then possible to bring your SQL Server backup to another location and import it there ?

    Thx TL

     

  • Ton

    Almost forgot: if you have more questions: just ask.

    JP

Viewing 7 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply