We have our MIS wanting to set up tighter security around the database servers, and they asked what exactly the system privileges required by Windows Server (2008 and later) are for database administration of our SQL Anywhere database.

In the past we have been a full Systems Administrator. If we cannot continue as System Administrators, we need to know what system privileges are needed by our account for the two different activities below:

A. Installing and configuring SQL Anywhere Database (we assume we might still need an Admin Account to do the initial install).

B. Maintaining and managing the Database largely via Sybase SQL Central - this would include backup operations, configuring, starting and stopping Database Services via SQL Central, as well as executing Interactive SQL.

If anyone knows exactly what privileges are needed for these activities or can refer me to a document, it would be greatly appreciated.

Thanks

asked 13 Sep '11, 16:06

Glenn Barber

edited 14 Sep '11, 04:03

Volker Barth


Disclaimer - I don't work for Sybase and half expect my information to be slightly-outdated, but...

I've done plenty of custom installs (Sybase 10 and previous) that were nothing more than copying files over and hooking up the various registry wires. I don't attempt any of the Java tools in these instances (their installations seem very complex, plus we aren't licensed to use them there) but off the top of my head this is what I would think you would need increased rights for:

  • Installation. Mostly ODBC client drivers; there are also a couple of machine-local registration keys (which seem mostly optional). And Java, which I don't take the time to understand and won't attempt to simulate.
  • Creating / destroying services - requires the expected Windows rights to do so, likely admin level.
  • Starting / stopping services - requires the expected Windows rights to do so, likely less than full admin rights are required.

Database actions such as backups, starting and stopping databases on currently-running engines, and other actions running purely within the database server should not require any rights other than what Sybase enforces itself.

--- EDIT:

Also note that there is nothing preventing you from running Sybase Central and/or Interactive SQL on a different machine from your database server, and it may be more secure to do so. Running it from a separate machine would also show you exactly what options are available to you when you are not even logged into the server machine.

answered 13 Sep '11, 18:30

Erik Anderson

edited 13 Sep '11, 18:53

I would fully agree with Erik's suggestion.

Just to add: When doing backups, will this be automated within the database (i.e. by using events)? Then the database server needs permission to write to the backup directory. In case the server runs as a service and the backup is done to a net share, it may need the corresponding network permissions (which the "local system" account does not have).

In contrast, when using a client tool to do backups, the client must have write permissions on the backup directory (but not on the directories where the database files are located).

(14 Sep '11, 04:02) Volker Barth