Re: Database Permissions

From: Uri Dimant (urid_at_iscar.co.il)
Date: 10/30/05

  • Next message: umer.zafar_at_gmail.com: "Microsoft Distributed Transaction Coordinator call failed." 
    Date: Sun, 30 Oct 2005 10:14:40 +0200

    David
     1. Create ITManagers Group and add it to sysadmin server role.
     2. Create TeamLead Group
         a) Don't make it a member of sysadmin server role
         b) GRANT CREATE TABLE ,CREATE Function ,GRANT CREATE Procedure TO
    TeamLead

    Take a look at creating Roles in the BOL as well

    "David Grau" <DavidGrau@discussions.microsoft.com> wrote in message
    news:D265D1AC-C3D5-408B-8C77-B91696442F9F@microsoft.com...
    > Hello All,
    >
    > I have a need to set up database security on our QA and Production servers
    > in the following manner:
    >
    > IT Managers - Read/write access. Ability to view/start/stop scheduled
    > jobs
    > not owned by them (all jobs are owned by sa).
    > Team Leads - Allow them to create/drop/alter stored procedures and
    > functions
    > only. Otherwise, read-only access to all other objects
    > Developers - Read-only access to all objects.
    >
    > For the IT Managers, I have a couple of options. 1) Give dbo permissions,
    > which will give them everything but the ability to view/start/stop jobs.
    > I
    > won't give them sysadmin rights.
    > For the Developers, it's pretty easy. db_datareader permissions,
    > db_denydatawriter permissions.
    > For the Team Leads, I have not come up with anything bullet-proof. If I
    > give db_ddladmin rights, it allows them to modify data regardless of any
    > explicit deny permissions I put on any objects.
    >
    > Does anyone have any suggestions?
    >
    > Thanks,
    > David Grau
    > Database Administrator
    >
    > --
    > Surprise & Delight

  • Next message: umer.zafar_at_gmail.com: "Microsoft Distributed Transaction Coordinator call failed."