DBA: should be domain admin?

  • How important/critical is it for a DBA to be a domain administrator and/or local administrator on all SQL boxes? More important in SQL 2005 than before? I see services are managed differently in SQL 2005.

    As we continue our slow migration from legacy FoxPro databases to SQL 2000 I find that many DBA tasks have to be handled by our Systems department.  They wouldn't mind making DBAs domain and local admins, but only if the DBAs are part of their department. 

    For now, systems team members are generally the only ones who can stop/start SQL services and run the cluster administrator. This, despite the fact that they balk at any other SQL tasks because they don't have (and don't want) those skills.

    I'm looking for help building arguments to either give DBAs the rights they need, or bring them into the Systems Dept.  I've already found that SQL Server was designed so that you just cannot do many basic DBA tasks unless you are a SQL sysadmin, and it appears Microsoft assumes network/server admin privileges for DBAs.

    Randy

  • You definitely do not need to be a domain admin. If the DBA does the installation, (s)he will need to be a local admin at a minimum; but after that, it would depend greatly on your responsibility. It is usually not considered good practice to do daily work as an admin, but to have access to the admin account for those special occasions when you find you need to be. Our domain admin always puts my user ID in the admin account when he adds my machines to the domain - so I tend to violate this rule, as it is difficult to get a separate domain account around here... and while a local account without admin should be used... I don't.

    Cheers,

    david russell

  • First off, DBAs should NEVER be domain administrators.

    You need to get your separate teams' roles and responsibilities documented.

    Then, and only then, start defining security permissions.

    As a preference, I would do my best to segregate DBAs (sysadmin) from OS support (local admin), and Developers (dev environment) from DBAs (Live).
