May 31, 2007 at 11:42 am
Rookie question.
We are going to introduce a new development environment. There will be 5 separate groups of servers for 5 different project managers. Originally we were going to give SA to the project managers and let them hand out users and permissions to their developers how they saw fit; but as needs for development grew project managers started to seek help from developers not on their teams. So now there are two issues, project managers want to keep their environments secure and accountable, but operate with the versatility of a constantly changing user pool without the overhead of constantly adjusting the user’s rights. My question is; is there a database role or combination of object permissions that can provide some security while allowing users some freedom to develop? I am preparing myself for weekly dbo updates. Any suggestion will be greatly appreciated.
Thanks
David
June 1, 2007 at 9:47 am
David,
You could create a custom "Developer" role in each database that would then be made a member of the db_datawriter, db_datareader, db_ddladmin, maybe db_securityadmin. Add developer users as members of the "Developer" role. I haven't found a need to make developers dbo or members of db_owner.
If the developers who regularly work for a particular project manager can be put into a domain group, which would be added to the "Developer" role, then you would only have to add individual users for those developers from other teams who are temporarily working on a project.
Greg
Greg
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply