SA rights to Sr. Developers in Small ITS Groups

From: JA (JA_at_discussions.microsoft.com)
Date: 07/30/05

  • Next message: Ross: "SQL Mail Security" 
    Date: Fri, 29 Jul 2005 23:12:01 -0700

    Sorry if this is a duplicate message.
    Granting SA rights to Sr. Developers in Small ITS Groups when there's DBA:
    I just finished reading several articles on the SQL Server Security
    Checklist or Best Practices - and I could use some advise. Our ITS group is
    too small to have a full time [application] DBA for SQL Servers so only
    Networking has SA rights on the servers which in the past was not a problem.
    But now that we're starting to develop/implement new Coldfusion and SQL
    Server Database applications as we head toward switching from static HTML to
    a dynamic database driven multiple server production environment that will
    use both a staging and a development server. Since these are new
    technologies to this environment and the production servers that only contain
    public information (i.e. do not contain high risk data), Development has
    requested read-only access to the production and staging servers to look at
    the data integrity, check the rev. number on the code, and look at IIS, CF,
    and SQL logs and configuration files, as needed. Development has also
    requested SA rights for their Sr. Developers only on the development server
    (i.e not the product servers) to be used for testing replication, running
    diagnostics, reviewing logs, create test applications users/roles to test
    permissions, test configuration settings and permission issues (we are also
    implementing active directory) but access was denied to both requests. With
    one month left before going live with the new production servers on
    IIS/CF/SQL, development is concerned with the time delays with testing or
    replicating problems on the development server and the inability to diagnose
    production problems with outdated logs (vs real time monitors of IIS/CF).
    The networking staff are competent at network issue but are not DBAs and doe
    not have knowledge of how setting and permissions in SQL Server (not to
    mention IIS or CF) will affect applications. How should SQL Server
    roles/permission be split between Networking and Development on the
    Development server in our small environment (note: our Sr Developers have 5 -
    25 years of development experience including commercial DB engineering)?

  • Next message: Ross: "SQL Mail Security"

    Relevant Pages

    • RE: SBS 2003 Unable to connect to database STS_Config
      ... Uninstall the SQL server from the SBS 2k3 server from add/remove programs ... Uninstall Microsoft SQL Server Desktop Engine (SHAREPOINT) ... If AV software install any extra IIS virtual directory, ...
      (microsoft.public.windows.server.sbs)
    • Re: Memory issues with 64-bit SQL Server 2005 on 64-bit Win 2003 C
      ... I also checked the individual patch levels for the .NET drivers, SQL Server ... The SQL Server is fully patched, however Windows Update reported that the OS ... Lock pages in memory -- I guess you might have taken care of it as well. ...
      (microsoft.public.sqlserver.clustering)
    • RE: migrating from wmsde to sql server
      ... Click Start, point to All Programs\Microsoft SQL Server, and then click ... then click New SQL Server Registration. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
      (microsoft.public.windows.server.sbs)
    • RE: SBS 2003 Unable to connect to database STS_Config
      ... Uninstall the SQL server from the SBS 2k3 server from add/remove programs ... Uninstall Microsoft SQL Server Desktop Engine (SHAREPOINT) ... If AV software install any extra IIS virtual directory, ...
      (microsoft.public.windows.server.sbs)
    • Re: Best replication architecture?
      ... Looking for a SQL Server replication book? ... So if it is subscribing to Publisher 1, ...
      (microsoft.public.sqlserver.replication)