Development using Sysadmin access

  • I am trying to persuade the team of developers in my office that they do not necessarily require to be System Administrators (sysadmin). Indeed, a number of processes that are now in our production environment appear to use Sysadmin, presumably because they were developed using Sysadmin. With the exception of running traces, is there any justification for developers requiring to be system administrators?

    Edited by - exonjg on 02/14/2003 05:05:31 AM

  • When I first started working at bigdough.com our Cold Fusion and Visual Basic developers did not have SA permissions in our Dev environment. A few months later I changed that and made them all SA's on our development servers. The reason I did this was so that when they create stored procedures the owner would be dbo. So, unless there is another way to make what they create be owned by dbo without changing it later, then that would be another reason.

    All our developers know to not count on an account having SA permissions when what they have developed gets moved to testing and production. If they have done something like that then we would know when what they developed is moved to testing since they won't have access to accounts with SA in our testing environment.

    Robert W. Marda

    SQL Programmer

    bigdough.com

    The world’s leading capital markets contact database and software platform.

    Robert W. Marda
    Billing and OSS Specialist - SQL Programmer
    MCL Systems

  • You can use db_ddladmin so they can create stored procedures owned by dbo and db_securityadmin so they can assign permissions. Also, if a user is in both roles, the user has the ability to execute sp_changeobjectowner, meaning if they forget to prefix the object name with the owner, they can still fix that.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley
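
    The role setup described in the reply above, written out as an added T-SQL example that is not part of the original posts. It uses SQL Server 2000-era system procedures to match the thread; the database DevDB, login dev_alice, role app_exec and both procedure names are constructed for illustration, and the login is assumed to exist already.

```sql
-- Constructed names: DevDB, dev_alice, app_exec, usp_GetOrders, usp_GetCustomers.
-- Section 1 runs as an administrator; sections 2 and 3 run as dev_alice.

-- 1. Administrator: give the developer DDL and permission-management
--    rights in one database instead of server-wide sysadmin.
USE DevDB
GO
EXEC sp_grantdbaccess 'dev_alice'
EXEC sp_addrolemember 'db_ddladmin', 'dev_alice'
EXEC sp_addrolemember 'db_securityadmin', 'dev_alice'
EXEC sp_addrole 'app_exec'          -- role the application account will use
GO

-- 2. Developer: check what the current session actually holds.
--    Each function returns 1 for a member and 0 for a non-member.
SELECT IS_SRVROLEMEMBER('sysadmin')  AS is_sysadmin,
       IS_MEMBER('db_ddladmin')      AS is_ddladmin,
       IS_MEMBER('db_securityadmin') AS is_securityadmin
GO

-- Owner-qualified create: the procedure is owned by dbo from the start.
CREATE PROCEDURE dbo.usp_GetOrders AS
    SELECT 1 AS placeholder_result
GO
-- db_securityadmin lets the developer assign permissions on it.
GRANT EXECUTE ON dbo.usp_GetOrders TO app_exec
GO

-- Owner prefix forgotten: this procedure is owned by dev_alice.
CREATE PROCEDURE usp_GetCustomers AS
    SELECT 1 AS placeholder_result
GO
-- Membership in both roles allows the ownership fix.
EXEC sp_changeobjectowner 'dev_alice.usp_GetCustomers', 'dbo'
GO

-- 3. Review before promotion: procedures not owned by dbo.
SELECT USER_NAME(uid) AS owner_name, name
FROM sysobjects
WHERE xtype = 'P' AND USER_NAME(uid) <> 'dbo'
GO

-- Server-level review (run as an administrator): who holds sysadmin.
EXEC sp_helpsrvrolemember 'sysadmin'
GO
```

    Later SQL Server versions deprecate sp_changeobjectowner and the sp_add* procedures in favour of ALTER and CREATE statements, so treat the procedure names as specific to the version discussed in this thread.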

  • I think it best to give developers SA rights within their own development environment. This allows them to profile and tune the apps. They can also set up scheduled jobs, do BULK INSERT tasks, kill a runaway process, etc...

    That said, we have a special 'gateway' that enforces production level quality assurance, prior to any changes moving out of the development environment. One of the standards is non-use of SA privileges.

    Thanks

    Phill Carter

    --------------------
    Colt 45 - the original point and click interface
