Re: Support team security

It's not possible using Management Studio as it requires you be a sysadmin
to view Linked Server properties (this is a tool requirement not a SQL
requirement) adn securityadmin to see errorlogs. However, you can get the
properties of a linked server by querying the sys.servers catalog view which
by default all logins have access to. In order to view sys.linked_logins or
sys.remote_logins you'll need to wrap them in a procedure running in a
different context and give them execute permissions on it e.g

create procedure dbo.usp_ReadLogins
(
@type varchar(6) = 'linked'
)
with execute as 'dbo'
as
set nocount on
if lower(@type) = 'linked'
select * from sys.linked_logins
else if lower(@type) = 'remote'
select * from sys.remote_logins
else
raiserror('Parameter @type must be ''linked'' or ''remote''',16,1)
go

grant exec on dbo.usp_ReadLogins to Support
go

Same goes for reading the errorlog. Either create a file share for the Log
folder and give them read access or wrap a call to xp_readerrorlog in a
procedure (you don't want to give access to xp_readerrorlog directly as it
can be used to read any file the SQL Server service account has access to
and not just the error logs) e.g

create procedure dbo.usp_ReadLog
(
@number int = 0
)
with execute as 'dbo'
as
set nocount on
declare @logs table(ArchiveNo int,Date datetime,FileSize int)
insert @logs exec dbo.xp_enumerrorlogs

if not exists(select * from @logs where ArchiveNo = @number)
begin
raiserror('%d is not a valid errorlog number',16,1,@number)
return
end
else
exec dbo.xp_readerrorlog @number
go

grant exec on dbo.usp_ReadLog to Support



--
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com


<mswinarski@xxxxxxxxx> wrote in message
news:1165514532.652351.63450@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

mswinarski@xxxxxxxxx wrote:
We have a group of folks that handles much of our applicaiton support.
We would like them to have security to view (but not alter or create)
the following:

Properties of the Linked Servers
SQL Server Agent Job Schedule and Job history
SQL Server Logs


Does anyone know what permissions to grant in order to do this?? Can
this even be done?


I figured out one of them! the user can view the "SQL Server Agent Job
Schedule and Job history" without being able to modify the jobs by
adding them to the SQLAgentReaderRole in the msdb db.

One down, two to go!!



.

Relevant Pages

  • RE: SBS 2003 Unable to connect to database STS_Config
    ... Uninstall the SQL server from the SBS 2k3 server from add/remove programs ... Uninstall Microsoft SQL Server Desktop Engine (SHAREPOINT) ... If AV software install any extra IIS virtual directory, ...
    (microsoft.public.windows.server.sbs)
  • Re: Memory issues with 64-bit SQL Server 2005 on 64-bit Win 2003 C
    ... I also checked the individual patch levels for the .NET drivers, SQL Server ... The SQL Server is fully patched, however Windows Update reported that the OS ... Lock pages in memory -- I guess you might have taken care of it as well. ...
    (microsoft.public.sqlserver.clustering)
  • RE: migrating from wmsde to sql server
    ... Click Start, point to All Programs\Microsoft SQL Server, and then click ... then click New SQL Server Registration. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Linked Server
    ... SQL instance to be able to delegate on your behalf to the 2nd SQL Server ... [Create Linked Server Object on Middle Server] ... set up its login to use delegation. ...
    (microsoft.public.sqlserver.server)
  • RE: SBS 2003 Unable to connect to database STS_Config
    ... Uninstall the SQL server from the SBS 2k3 server from add/remove programs ... Uninstall Microsoft SQL Server Desktop Engine (SHAREPOINT) ... If AV software install any extra IIS virtual directory, ...
    (microsoft.public.windows.server.sbs)