Security Basics mailing list archives
Re: What Local Server Rights are needed for SQL DBAs?
From: craig.wilson () redtray co uk
Date: Wed, 16 Sep 2009 18:37:35 +0000
Hi Mark, Might be pertinent to ask what they are looking to do on the servers. DBA work would normally only require rights to the db which would normally be performed on a pc other than the server. Are they doing application development too where software runs on the server or interacts with it? Craig Sent from my BlackBerry® wireless device -----Original Message----- From: "Eggleston, Mark" <meggleston () HEALTHPART COM> Date: Wed, 16 Sep 2009 13:16:09 To: <craig.wilson () redtray co uk>; <security-basics () securityfocus com> Subject: RE: What Local Server Rights are needed for SQL DBAs? Thank you Craig - very helpful. We indeed do have a DBA Team and a Network/server team. We do also have a dev/uat/live environment for some SQL instances. Anyone else care to comment regarding documentations on how to set up appropriate rights in SQL and/or servers? Regards, Mark -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of craig.wilson () redtray co uk Sent: Wednesday, September 16, 2009 3:06 AM To: Eggleston, Mark; listbounce () securityfocus com; security-basics () securityfocus com Subject: Re: What Local Server Rights are needed for SQL DBAs? Hi mark Depends how draconian you want to be and the setup of your teams. If you have a DBA team and also server and infrastructure teams then I would normally have any config changes on the servers themselves go to the server team. For DBA work they only need rights to make changes to the database, not to the underlying OS. The rights you described abové, save local admins, are enough for that. In my experience the problem with app and DB developers having local admins rights is that corners are often cut in order to make something work. That leads to another point: assuming you are employing a dev\uat\live architecture and any amendments go via change management then access to dev should generally allow for local admin rights. Craig Sent from my BlackBerry® wireless device -----Original Message----- From: "Eggleston, Mark" <meggleston () healthpart com> Date: Fri, 11 Sep 2009 14:15:22 To: <security-basics () securityfocus com> Subject: What Local Server Rights are needed for SQL DBAs? Hello Colleagues, I need some help finding good documentation (i.e. best or standard practice) for deciding what appropriate rights are really needed for a DBA to perform his or her duties (Win 2003, SQL 2005/8). Can anyone point me to a good reference as my google searches have not provided an authoritative conclusion. Currently we have our Database Administration Group as local admins on those servers hosting SQL... However, is the serveradmin role required? Our Manager of this group has indicated that DBA certainly require these server specific roles: setupadmin; processadmin; dbcreator. Thanks in advance for sharing how you may have tackled this issue at your company or a methodology on how to pursue. Thanks, Mark Eggleston Manager, Security and Business Continuity This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________
Current thread:
- What Local Server Rights are needed for SQL DBAs? Eggleston, Mark (Sep 15)
- Re: What Local Server Rights are needed for SQL DBAs? craig . wilson (Sep 16)
- RE: What Local Server Rights are needed for SQL DBAs? Eggleston, Mark (Sep 17)
- Re: What Local Server Rights are needed for SQL DBAs? craig . wilson (Sep 17)
- RE: What Local Server Rights are needed for SQL DBAs? Eggleston, Mark (Sep 17)
- RE: What Local Server Rights are needed for SQL DBAs? Eggleston, Mark (Sep 17)
- RE: What Local Server Rights are needed for SQL DBAs? Jason Hurst (Sep 17)
- Re: What Local Server Rights are needed for SQL DBAs? craig . wilson (Sep 16)