Re: Custom server permissions?

From: Jasper Smith (jasper_smith9_at_hotmail.com)
Date: 11/25/04

  • Next message: lwmccksg: "SQL Server 6.5 Post Service Pack 5a" 
    Date: Wed, 24 Nov 2004 23:38:20 -0000

    Both of these system stored procedures have hard coded permission checks in
    them. I'm not a big fan of these as it really limits flexibility. The only
    way would be to alter them to remove these checks but this would not be a
    supported scenario. sp_addlinkedserver has a hard coded check for membership
    of the setupadmin server role and sp_addlinkedsrvlogin has a hard coded
    check for membership of the securityadmin server role. The only alternative
    would be one that I use a lot for scenarios where I want lower privilege
    users to be able to do a very specific action and that is to write a queue
    system whereby they basically have a table that they can insert rows into
    via a stored procedure and this table is polled by a SQL Agent job that runs
    once a minute and executes the specific commands they are allowed to run.
    This way you can code so they can only do a very specific action (otherwise
    you would lead yourself open a large security hole) 

    -- 
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
<barrygilbertusa_no_spam@yahoo.com> wrote in message 
news:1101316733.934708.165050@f14g2000cwb.googlegroups.com...
> Hi,
>
> I need to grant a user access to one or two specific system stored
> procs without giving permission to everything else in the fixed server
> role that allows them. Specifically, they need rights to
> sp_addlinkedserver and sp_addlinkedsrvlogin, but they shouldn't have
> all the rights associated with securityadmin. Is there a way to grant
> specific rights to just these?
>
> TIA,
> Barry
>
  • Next message: lwmccksg: "SQL Server 6.5 Post Service Pack 5a"

    Relevant Pages

    • Re: Custom server permissions?
      ... Barry ... > Both of these system stored procedures have hard coded permission checks in ... > check for membership of the securityadmin server role. ...
      (microsoft.public.sqlserver.security)
    • Re: SCW question.
      ... Created a new Server and installed IIS. ... and saw that the default rights for IUSR and IWAM users are there. ... Server to the domain without and GPO's applied...Local Security policy ... rights (which coincides with my Member server GPO settings). ...
      (microsoft.public.windows.server.security)
    • Re: SBS 2003 folder redirection, offline files, ..and more
      ... you log into a shared PC with admin rights and go to Windows Explorer Folder ... documents are redirected to the server. ... without redirection, they wouldn't have been. ...
      (microsoft.public.windows.server.sbs)
    • Re: file rights issue...
      ... Domain Admin has rights to everything so not being able to access the ... The Terminal Server is an entirely different ... of BV we are running uses an SQL DB engine called Pervasive SQL to ... the accounting data on the Windows 2000 server through the pervasive ...
      (microsoft.public.backoffice.smallbiz2000)
    • Re: Business Rules & Referential Integrity
      ... With regards to my stored procedures and the inherent "White Elephant", ... fully appreciate your comments and will use Declared Referential Integrity ... in SQL Server and capture any named constraint errors/exceptions this way. ... >> about application design and implementation using DotNet. ...
      (microsoft.public.dotnet.distributed_apps)