![]() You could add your delegated security group to every database as db_securityadmin, but this would be difficult to maintain in a highly dynamic environment with thousands of databases. The securityadmin role can only add logins to the instance and not users to databases or in turn users to database roles. One thing you may consider is placing these groups into the securityadmin server role, but the problem with the securityadmin role is the lack of certain rights. Using the out-of-the-box SQL Server roles or permissions doesn’t quite handle all of these use cases and you want to avoid putting these groups into the sysadmin server role on SQL Server for obvious reasons. You have groups outside of database administration that need to have the ability to manage security of SQL Server logins, users, and roles. ![]() Providing delegated administration to groups that need to perform various security functions has always been a difficult task, but thanks to Powershell V3 (currently in CTP 1 as of this blog post) and PowerGUI we have new tools to provide a solution. ![]()
0 Comments
Leave a Reply. |