Limiting An App DBA's Ability to Create Files

We have been having issues where the Application DBAs are creating files to expand their databases and using up all the space.

The two-part question is does the db_ddladmin role allow the user to alter a dB to add files? And what sort of lockdowns are best practices? dB Owner? Just DataReader/DataWriter?

Can we prevent them from adding files at all?


asked May 20, 2010 at 03:16 PM in Default

Blackhawk-17

1 answer

The db_ddladmin role does not permit a user to add files to a database.

The db_owner role, dbcreator server role or sysadmin role do permit files to be added to a database.

What's best practice depends on what your Application DBAs actually need to do. It seems like you really have a management or training issue rather than a security requirement. Someone needs to be responsible for allocating storage. That person or those people need to understand what the correct procedure is. In many cases this will be the responsibility of a storage management group who have to allocate space on storage arrays before the DBA gets to use it.


answered May 20, 2010 at 06:46 PM

David 1
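
Added example, not part of the original question or answer: a T-SQL audit that lists who currently holds the roles the answer names as permitting files to be added (db_owner in the database, dbcreator and sysadmin on the server), so membership can be reviewed before tightening it. It uses only the standard catalog views and assumes it is run in the context of the database being reviewed by a login allowed to see the metadata.

```sql
-- Added example (not from the original thread).
-- Run in the database under review, e.g. after: USE <database_name>;

-- 1. Database level: members of db_owner in the current database.
SELECT
    DB_NAME()    AS database_name,
    r.name       AS role_name,
    m.name       AS member_name,
    m.type_desc  AS member_type      -- SQL_USER, WINDOWS_USER, WINDOWS_GROUP, ...
FROM sys.database_role_members AS drm
JOIN sys.database_principals   AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.name;

-- 2. Server level: members of the dbcreator and sysadmin fixed server roles.
SELECT
    r.name        AS role_name,
    m.name        AS member_name,
    m.type_desc   AS member_type,
    m.is_disabled AS login_disabled
FROM sys.server_role_members AS srm
JOIN sys.server_principals   AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = srm.member_principal_id
WHERE r.name IN (N'dbcreator', N'sysadmin')
ORDER BY r.name, m.name;

-- 3. The login that owns the database maps to dbo and so has db_owner rights
--    even when it is not listed as an explicit role member.
SELECT
    d.name                   AS database_name,
    SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
WHERE d.database_id = DB_ID();
```

A member of type WINDOWS_GROUP grants the role to everyone in that group, so group membership has to be reviewed in the directory as well.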
Last Updated: May 20, 2010 at 03:16 PM