Operations team and sql server permissions

14 January,2014 by Tom Collins

Setting the right SQL Server permissions for the IT Operations team is about striking the right balance between access and security. There are countless variations on  how an Operations team should be defined but the primary tasks are management, monitoring and operation of the IT infrastructure.

The decision on the level of security to apply is heavily dependant on the skillset ,auditing requirement and security best practises

An interesting dilemma for the DBA is what level to assign the SQL Server permissions for the Operations team.  The Operations may or may not include an Operations DBA One,  to perform their day-to-day tasks and two, to perform more elevated tasks

Two questions to ask in deciding on security level

1)     What is the range of tasks Operations must complete?

2)     How to elevate the privileges , in the context of the organisational SQL Server security policy?

 An approach I apply , (based on the assumption the Operations team does not have permanent Sysadmin rights!!) , is to maintain the Operations team at ProcessAdmin,. The Process Admin role allows  ALTER ANY CONNECTION, ALTER SERVER STATE.

If elevated privileges are required , the Operations team request elevated privileges through an auditable process.

 An auditable process can be defined in different ways – examples include : a Helpdesk Request system , an automated security management system such as Varonis, custom scripts

I’d be interested to know about other approaches and how other DBAs manage security for Operations staff.Either email me on jack@sqlserver-dba.com or leave a comment below

There has been much discussed about the rising role of the DevOps movement . Applying a useful and secure method of software changes in the Production environment , is critical to a dependable rapid deployment of SQL Server changes


Author: Tom Collins (http://www.sqlserver-dba.com)


Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment on Operations team and sql server permissions

sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer