Idle Banter For non SV and non bike related chat (and the odd bit of humour - but if any post isn't suitable it'll get deleted real quick). There's also a "U" rating so please respect this. Newbies can also say "hello" here too. |
|
Thread Tools |
01-09-16, 03:03 PM | #1 |
Member
Mega Poster
Join Date: Mar 2004
Location: Not in Yorkshire. (Thank God)
Posts: 4,116
|
OMO: MS SQL Server
I cannot be bothered trying to find an join a sqlserver forum to ask one question. So hope the mighty org may know.
My background is Oracle so I may not use quite the correct terminology, so be understanding/gentle. Our outsourced datacentres provider, is refusing to grant elevated rights to users saying the instance is shared to multiple databases and would comprimise the security of other databases. In the Oracle world I am familiar with. The users within an instance only have rights to that instance. Granting them DBA rights etc would not impact upon any other instances hosted on that server. (unless they tried to do something stupid that impacted upon server resources, such as extending tablespaces/ rollback segments etc.) Is the outsource DBA just being pig headed and protective of his sqlserver environment. The only way out I see is to pull our databases from his servers and host elsewhere.
__________________
Not Grumpy, opinionated. |
01-09-16, 05:55 PM | #2 |
Member
Join Date: Oct 2010
Location: Yellow Belly County
Posts: 564
|
Re: OMO: MS SQL Server
What ?
|
01-09-16, 06:32 PM | #3 |
Member
Join Date: Mar 2004
Location: North Worcestershire
Posts: 58
|
Re: OMO: MS SQL Server
If you are a "SQL Server Admin" on your instance rather then a "Local Admin" on the server then you will only be able to see the databases on your instance.
It is possible that he is thinking in terms of a "Local Admin" on the server which would give you inherited SQL server rights to all instances on the server. If you were gransted "SQL Server Admin" rights to your instance it is possible that you could make changes that could impact the performance of the server, it could potentially also impact the security of other files on the server dependent on how the SQL services have been set up. It is also possible that there are databases on your instance that they do not want you to see. Could your issues not be solved by "elevated" user rights? |
02-09-16, 08:21 AM | #4 |
Member
Join Date: Mar 2013
Location: At home
Posts: 756
|
Re: OMO: MS SQL Server
What kind of world do you guys live in. One I'm glad I don't.
As Teejayexc said, What? |
02-09-16, 08:23 AM | #5 |
Member
Join Date: Apr 2009
Location: going up Camborne hill coming down
Posts: 251
|
Re: OMO: MS SQL Server
Sounds to me like they have taken some shortcuts when setting the db permissions and are granting rights at the instance level.
It should be possible for them to apply the appropriate rights to each db, but at the cost of having to redo ALL of the rights/roles. Having done it the "wrong" way for years it was only when we migrated to a new domain (and started from scratch with our permissions) that we were able to remove all the bodges. Sent from my XT1068 using Tapatalk
__________________
Was: Red curvy S: crash bungs, double bubble screen, fenda extenda, HEL front lines, OEM belly pan Now: Blue FZ6 Fazer |
02-09-16, 08:26 AM | #6 |
Guest
Posts: n/a
|
Re: OMO: MS SQL Server
You have 3 levels of admin rights here.
Physical Server. Server instance. Database. The server admin, can do pretty much as he pleases. The Server instance Admin (SA account would be an example) can do whatever he wants to the database, but is limited by the rights the server admin grants him to file access etc. the DB admin only has "owner" rights on that database, and may not have rights to do things like backup and restore, these can only be set at server, or instance level. I'd ask for "DB Owner" rights on your database, and do the rest yourself personally. C. |
02-09-16, 09:38 AM | #7 |
Member
Mega Poster
Join Date: Mar 2004
Location: Not in Yorkshire. (Thank God)
Posts: 4,116
|
Re: OMO: MS SQL Server
Thanks guys.
I am glad I have little to do with MS stuff, it sounds easy to poorly design for the enterprise for the convenience of operation. Enough of the techy stuff. Back to two wheels
__________________
Not Grumpy, opinionated. |
02-09-16, 12:10 PM | #8 | |
Member
Join Date: Mar 2004
Location: North Worcestershire
Posts: 58
|
Re: OMO: MS SQL Server
Quote:
I should not moan, I always get admin access . . . |
|
02-09-16, 02:45 PM | #9 |
Member
Join Date: Apr 2016
Posts: 127
|
Re: OMO: MS SQL Server
With webservers for example (One.com etc...) they use a single server, split into multiple webservers - but they all seem to share the same SQL database internally.
I dound this out as I wanted to change some PHP caches, and enable some stuff for Drupal. I contacted One, and they basically said exactly the same as what you posted above mate. |
02-09-16, 08:22 PM | #10 |
Guest
Posts: n/a
|
Re: OMO: MS SQL Server
We run a lot of MS SQL databases at work. Normal practise seems to be to setup multiple instances, and then run one or two databases per instance.
It wouldn't surprise me if there were some pretty subtle ways that you could subvert another database if you tried hard enough. For example, (in Oracle) utl_file can open any files that the database process has access to. So unless you've gone to the trouble of running each instance as a different service account, not making any of them local admins, and setting file ACLs correctly, you can open any file (in a directory that the DBA has permitted). That includes files that control the behaviour of other instances. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
FS: HP Server | TSM | Idle Banter | 0 | 03-03-10 03:47 PM |
SQL server | Gnan | Idle Banter | 2 | 31-05-06 05:40 AM |
SQL server and VB | mysteryjimbo | Idle Banter | 10 | 18-03-06 09:02 AM |