April 28, 2015 at 9:52 am
Totally agree with Jeff and Eric. It isn't that everyone that will behave that way but *someone* will!!!
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
April 29, 2015 at 7:09 am
stakes (4/23/2015)
Eric M Russell (4/23/2015)
If a database architect, IT support, executive, or BI developer needs eleveated permissions to troubleshoot performance issues or run ah-hoc queries in production, you can setup something like a power user role, but NEVER grant them SYSADMIN or DBO membership.
use SpecificDatabase;
-- grant select on any table or view:
exec sp_addrolemember db_datareader, 'DBPowerUsers';
-- grant user permission to view execution plans:
grant showplan to 'DBPowerUsers';
-- server level permissions require that context be changed to [master] database.
use master
-- grant user permission to view object schemas:
grant view any definition to 'DBPowerUsers';
-- grant user permission to view system tables and views:
grant view server state to 'DBPowerUsers';
-- grant user permission to start sql profiler traces:
grant alter trace to 'DBPowerUsers';Good point and thanks for sharing the script! Granting them access to a readable secondary can also work.
I agree. If you allow ad-hoc queries on a primary, first make sure tempdb is on its own, very large disk.
Viewing 2 posts - 31 through 31 (of 31 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy