locked
SYSADMIN LOGIN SHOULD NOT CHANGE THE CONTENT OF JOB RRS feed

  • Question

  • hi everyone..

     

    how do I give Read Only permission to a particular login id for accessing all jobs,

    even that ID is ‘sysadmin’ who is having all rights to do anything in any databases

    in a server.  But I don’t want to allow him to change the content of any jobs.  

    How do you configure in security level for this type of synario...

     

    thanks

    -kumar

    Monday, August 18, 2008 7:49 PM

Answers

  • If you make someone a sysadmin you are giving them full access to your server, so you can't then expect to restrict their access to anything. If you make their job access read only, there's nothing to stop the sa from modifying that and giving themselves full access.

    If you want to restrict access in that way you have to give them a less privileged access than sysadmin.

     

    Monday, August 18, 2008 9:25 PM

All replies

  • If you make someone a sysadmin you are giving them full access to your server, so you can't then expect to restrict their access to anything. If you make their job access read only, there's nothing to stop the sa from modifying that and giving themselves full access.

    If you want to restrict access in that way you have to give them a less privileged access than sysadmin.

     

    Monday, August 18, 2008 9:25 PM
  • thanks for your reply.  if i want to restrict access in that way, which is the best privilege access can we give ?  But he should not face any problem by handling DML, DDL,etc.

     

    Tuesday, August 19, 2008 1:43 PM
  • Can't really say if  any predefined objects will help you without more details, but the safest option is probably to create a login (or role) with the specific permissions you require set.

     

    Tuesday, August 19, 2008 6:20 PM