April 12, 2011 at 3:23 pm
I work at an institution where DBA roles and Sys Admin roles are held by two different departments. DBAs can connect to the SQL Server instances remotely and have full control over them but have absolutely no access to operating system itself. I was wondering which privileges a windows account for the DBAs should have and why?
April 12, 2011 at 3:29 pm
I think DBA should have sysadmin rights on the SQL Servers at the very least. There are too many things you need to [re]configure on the server, like folders for backups, Windows tasks for cleaning up old files and pushing files to backup servers etc. etc.
The probability of survival is inversely proportional to the angle of arrival.
April 12, 2011 at 6:54 pm
A DBA Should be local admin because of the many administrative tasks that need to be performed on the Server itself.
A DBA needs to be able to:
Secure the Windows Server
Configure and Format Partitions
Restart the Server
Patch SQL Server
Modify SQL Services and sometimes the Registry
Block and Open Network Ports.
Run performance Analysis on the server.
Move Files, add disks.
If you are not a local admin on the box, you will not be able to perform these kind of tasks.
Further more if you are on a Cluster environment, then you need Elevated domain privileges when you are installing a new cluster, so the virtual resources can be registered to the AD and the DNS server.
I know this is most of the time a fight with the Server folks and even with the Network and Security folks, but this is a reality and if they cannot perform the above mentioned tasks, then they need to understand.
Always check what you are modifying over and over and over, and have a second pair of eyes take a look at it before you do it.
QUIGROUP- Need a Certified experienced DBA for a project or troubleshooting? Need help with programming, database recovery, performance tuning, ETL, SSRS or developing new databases? Contact us.. 1-786-273-9809
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply