This post has been wikified, any user with enough reputation can edit it.
asked
NTFS Directory Permissions for SQL Server 2012
After installation of SQL Server 2012 the O/S administrators revoke administrative access to the system. That of course prevents me from "seeing" into the Backup, DATA, Logs, etc. directories. Now I can't use NotePad to read the errorlog or copy database files when re-locating or other simple scenarios. What is a good way of getting the requisite permissions on the instance directories and how are others working around these security hurdles? I understand all the least privilege arguments but there are also arguments for being able to do day-to-day work for those of us who aren't granted administrative access on the O/S.
Permissions have to be granted to the appropriate file locations. No other way around it really. We spent a lot of time with our security people, walking them through the stuff that we needed to do in order to get our job done. They carefully exposed what we needed, as we demonstrated the need. But, we documented it so that each subsequent setup went smoothly.
Therein lies the dilemma. I would prefer if Microsoft had an Instance$DBA Group created at install with the desired access rather than assuming all DBAs must be O/S administrators as well. What we have today is reinventing the wheel at every install.
14 People are following this question.
