We have our MIS wanting to setup tighter security around the database servers and asked the question was to what exactly were the Systems Privledges required by Windows Server (2008 and later) for Database Adminstration of our SQL Anywhere Database. In the past we have been a full Systems Administrator. If we cannot continue as System Administrators, we need to know what System Privledges are needed by our Account for the two different activities below: A. Installing and configuring SQL Anywhere Database (we assume we might still need an Admin Account to do the initial install). B. Maintaining and managing the Database largely via Sybase SQL Central - this would include backup operations, configuring, starting and stopping Database Services via SQL Central, as well as executing Interactive SQL. If anyone knows exactly what privledges are needed for these activities or can reference me to a document, it would be greatly appreciated. Thanks |
Disclaimer - I don't work for Sybase and half expect my information to be slightly-outdated, but... I've done plenty of custom installs (Sybase 10 and previous) that were nothing more than copying files over and hooking up the various registry wires. I don't attempt any of the java tools in these instances (their installations seem very complex, plus we aren't licensed to use them there) but off the top of my head this is what I would think you would need increased rights for:
Database actions such as backups, starting and stopping databases on currently-running engines, and other actions running purely within the database server should not require any rights other than what Sybase enforces itself. --- EDIT: Also note that there is nothing preventing you from running Sybase Central and/or Interactive SQL on a different machine from your database server, and may be more secure to do so. Running it from a separate machine would also show you exactly what options are available to you when you are not even logged into the server machine. I would fully agree with Erik's suggestion. Just to add: When doing backups, will this be automated within the database (i.e. by using events)? Then the database server needs permission to write to the backup directory. In case the server runs as a service and the backup is done to a net share, it may need according network permissions (which the "local system" account does not have). In contrast, when using a client tool to do backups, the client must have write permissions on the backup directory (but not on the directories where the database files are located).
(14 Sep '11, 04:02)
Volker Barth
|