tags:

views:

23

answers:

2
Q: 

How to alter database on the linked server WITHOUT SYSADMIN rights?

My requirement is that user performing alter CANNOT be sysadmin (it can have all other rights but not sysadmin).

I am running a query from local server which should modify a remote one

EXEC ('ALTER DATABASE REMOTEDB MODIFY FILEGROUP ftfg_REMOTEDB NAME=ftfg_REMOTEDB') at [REMOTESERVER]

This query works once I add sysadmin right to the user but without the right, it give the following error:

The server principal "USERWITHOUTSYSADMIN" is not able to access the database "REMOTEDB" under the current security context.

I am on SQL Serve 2008.

Please Help!

A: 

Put the EXEC command in a stored procedure and grant execute on the procedure to the user. It won't STOP a sysadmin from executing it, but it will allow others to execute it as well. Be VERY, VERY careful with this!

md5sum  2010-09-15 17:48:13
can I add execute to the user to the existing sp_executesql procedure and use that procedure?
Chicago  2010-09-15 17:50:15
FYI, This did now not work but it was a very good idea
Chicago  2010-09-15 18:14:32
Sorry, I know we did something like this at a place I used to work, but that's been a long, long time ago, and it was a pretty messy thing... Is it possible to give a broader explanation of what it is you're trying to accomplish? There may be a better overall solution before you implement something like this.
md5sum  2010-09-15 18:22:14
A: 

Can you allow the user to impersonate someone with the appropriate permissions?

EXEC ('ALTER DATABASE REMOTEDB MODIFY FILEGROUP ftfg_REMOTEDB NAME=ftfg_REMOTEDB') 
    AS USER = 'UserWithAppropriatePermissions'
    AT [REMOTESERVER]
Joe Stefanelli  2010-09-15 18:07:29
That's the problem. Is seems that the only appropriate permission is to give the user sysadmin rights (which I cannot do). So, I cannot give sysadmin rights to the user on local server or remote. I tried to do this with sa but local user does not have enought permissions to impersonate as sa:)
Chicago  2010-09-15 18:17:43
Can you grant the user ALTER permissions on the Database Object? That should be sufficient for your purposes.
Joe Stefanelli  2010-09-15 18:26:22
How do I do that? I tried doing that via UI but that did not seem like a reliable way (right click on db - > permissions -> alter). Can I do with sql?
Chicago  2010-09-15 18:53:05
Via SSMS, drill down through the folders: Databases -> YourDatabase -> Security -> Users. Double click on the user you want to modify. Click "Securables" in the left hand pane. Click "Search..." in the main pane. Choose radio button "All objects of the type..." and click OK. In the pop-up window, Check Object Type "Databases" and click OK. Scroll through permissions in lower panel and check box for "Grant" next to the "Alter" permission.
Joe Stefanelli  2010-09-15 19:00:11
Just tried that and that did not work :(
Chicago  2010-09-15 19:10:26
One more thing I realized is that it is not only for alter but for select as well. I think I am missing some general access permission?
Chicago  2010-09-15 19:36:26

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?