Search
Subscribe
Categories
- Backup and Restore
- Configure
- Contact me
- CPU
- Data Architecture
- Data Import and Export
- Database Mirroring
- DBA
- DBA Scripts
- Deadlocks
- Development
- Disaster Recovery
- Disk Storage
- DMV
- Documentation
- Event Log
- Function
- High Availability
- Indexes
- Install & Setup
- Interviews
- IO Subsystem
- Jobs
- Links
- Locking
- Memory
- Monitor Performance
- MSDB
- Network
- Object Management
- Pagination
- Partitioning
- Performance
- Powershell
- Security Management
- SQL Agent
- SQL Azure
- SQL Cachestore
- SQL Error Logs
- SQL Optimizer
- SQL problems
- SQL Server Error Tips
- SQL Server Management Studio
- SQL Server Profiler
- SQL Server Tuning
- SQL View
- SQLServer-DBA News
- SSIS
- Statistics
- T-SQL
- TempDB
- Tools
- TPC-H
- Transaction Logs
- Virtualization
- Wait Stats
Recent Posts
- How to check Operating System type with Powershell
- ALTER TRACE and developers
- Predict ALTER INDEX REORGANIZE finish time
- Cannot connect to SQL Server
- Timeout occurred while waiting for latch: class 'LOG_MANAGER'
- The instance of the SQL Server Database Engine cannot obtain a LOCK resource at this time
- How to create a SQL Server Security Audit
- Cannot use Large Page Extensions: lock memory privilege was not granted
- Compare two files with Powershell
- Export-CSV Powershell
I’ve recently discovered a problem in implementing a corporate security policy. One of the policy requirements is that no logon account – can be assigned the sysadmin server role. (With a couple of exceptions)
As part of the infrastructure TDP SQL Client is used – DP – which backs up to the TSM. Both scheduled and ad-hoc backups are commited through the TDP SQL Client. The client relies on the Virtual Device Interface(VDI)
The VDI is an API and is installed with SQL server – its purpose is for 3rd party developers to use the BACKUP\RESTORE range provided with sql server .
Think of the VDI as an alternative method of transferring data to the target destination, and in effect manipulates a memory space where at the other side sits a third party interface.
From a permission perspective the logon account using the VDI must be assigned the sysadmin fixed server role
I haven’t yet been able to come up with an alternative security for the logon
Ref:Jack Vamvas (http://www.sqlserver-dba.com)
Author: Jack Vamvas (http://www.sqlserver-dba.com)
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |