database schema, performs SQL Server Administration, and manages server
security. The DBA writes data access, ETL, and manages database
security. In 2005, we're struggling with how to allow the DBA to see
all of the logins on the server in order to add them as users of their
database. What permissions does the DBA need to select from any of the
logins on the server to add them to their database?
Michelle
Note that to add a user to a database, the dba does not need to be able to see the login's metadata - he only needs to know the login's name.
To see the information about a login, you need VIEW DEFINITION permission on that login.
To see information about all logins, you would need VIEW ANY DEFINITION permission, but this permission allows you to see more than just login information, so I don't recommend granting this permission. Instead, you can look at creating a procedure to return the necessary login information and sign the procedure with a certificate that has VIEW ANY DEFINITION permission.
Thanks
Laurentiu
No comments:
Post a Comment