Hi all
Has anyone implemented an RBAC model ti restrict Junior DBAs access to view data while at the same time allowing them to perform administration tasks? I suppose my first question is what kinds of tasks could they do without being able to view data. I understand encryption would be the ideal scenario here, but at present that is not possible.Some of the things I have thought of that they could do with the appropriate controls in place would be:
Performance tuning using DMVs, profier etc - what I am unclear of however is if this give them access to view data
High level troubleshooting - viewing error logs etc
Writing reports for compliance purposes.
Any and all comments welcome.
Thanks