Re: SQL Permissions
From: BP Margolin (bpmargo@attglobal.net)
Date: 06/30/02
- Next message: FR: "To deteremine NT logins + Sql Logins with sa + dbo + prviliges"
- Previous message: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- In reply to: SQL Guy: "Re: SQL Permissions"
- Next in thread: Neil Pike: "Re: SQL Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "BP Margolin" <bpmargo@attglobal.net> Date: Sun, 30 Jun 2002 12:31:49 -0400
Gary,
Unless you are disputing something in my post, try responding to the
original post rather than someone's answer to the original post.
-------------------------------------------
BP Margolin
Please reply only to the newsgroups.
When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.) which
can be cut and pasted into Query Analyzer is appreciated.
"SQL Guy" <SQLGuy@EarthLink.Net> wrote in message
news:OCyGvo$HCHA.368@tkmsftngp13...
> I am a SQL DBA in a large company. I believe DBA should have NT admin
rights
> on all dedicated SQL servers (Yes I do). What are you trying to restrict
> DBA's from? It's DBA's box! And by the way, most likely it's required that
> SQL service running under a domain account which has local NT admin
rights.
> If true, SQL sa can do anything a NT admin can do, including
> starting/stopping any services, adding/deleting any files, adding/deleting
> any local NT logins, or even rebooting or shutting down the server! And of
> course, if DBA has NT admin rights, he/she can access any drive in the
> server any way he/she wants.
>
> Gary
> MCDBA, MCSA, MCSD, MCSE+I
>
>
> "BP Margolin" <bpmargo@attglobal.net> wrote in message
> news:#FP3x04GCHA.1744@tkmsftngp13...
> > John,
> >
> > Do any of your applications require SQL Server to access another box on
> the
> > network? If so then SQL Server needs appropriate permissions to that box
> via
> > the account that is used by the SQL Server service ... and thus your SQL
> > Server administrators will have access to that box because SQL Server
has
> > it.
> >
> > A typical reason for SQL Server to require access to another box on the
> > network is the scheduled execution of a DTS job that loads data that is
> only
> > available on a box other than the one on which SQL Server is executing.
> >
> > -------------------------------------------
> > BP Margolin
> > Please reply only to the newsgroups.
> > When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.)
which
> > can be cut and pasted into Query Analyzer is appreciated.
> >
> > "John Shurer" <john.shurer@ncmail.net> wrote in message
> > news:eRpdZf4GCHA.2372@tkmsftngp09...
> > > My SQLAdmins are asking for the following:
> > >
> > > 1) Administrator access to the local box on running SQL
> > > 2) The ability to access the SQLData directory directly through drive
> > > mappings
> > >
> > > We are attempting to create as secure an environment as possible and
> keep
> > > everything locked down. In my opinion, they do not need these type of
> > > accesses. They do have sa privileges to the SQL server but I see no
> reason
> > > to give them Windows 2000 administrator privileges. Also, to further
the
> > > security on the servers (they are publicly accessible), we are trying
to
> > > eliminate all shares including admin shares. Seems to me they should
be
> > able
> > > to accomplish everything using the SQL tools. Am I off base on this?
> > >
> > >
> >
> >
>
>
>
>
- Next message: FR: "To deteremine NT logins + Sql Logins with sa + dbo + prviliges"
- Previous message: Skillman Hunter: "Re: Can web site data be protected from access by the webmasters?"
- In reply to: SQL Guy: "Re: SQL Permissions"
- Next in thread: Neil Pike: "Re: SQL Permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
