Authenticating Logins - Secondary Server Roles
(Page 22 of 24 )
The secondary server roles offer very little functionality. The first two serve very specialized purposes, and the last one exists simply to maintain compatibility with previous versions of SQL Server.
setupadmin
This role is useful for one purpose: to manage linked servers. It can also configure a stored procedure to run at startup, but that job can be just as easily done by members of sysadmin.
processadmin
The sole capability of processadmin is to delete SQL Server processes that are causing problems. Because the sysadmin role includes this capability, it will be rare that you assign someone to this role, although it is useful for tech support in killing deadlocks.
diskadmin
Included mainly to provide backward compatibility with previous versions, this role has permissions to manage database disk devices, which are not used in SQL Server 7.0+. This role can run all the Disk commands such as Disk Init, Disk Reinit, Disk Refit, Disk Mirror, and Disk Remirror. It can also run the sp_diskdefault and sp_dropdevice system stored procedures.
The key feature of this role for version 7.0 is the ability to run the sp_adddumpdevice system stored procedure to add backup devices. Note that it does not confer the ability to make database backups (that is a database role); rather, it allows its members to create the devices onto which the backups will go.
bulkadmin
Added in SQL Server 2000, this role has one special permission: the authorization to run the BULK INSERT command. Interestingly, it does not grant its members any other permissions on the target table.
 This is from SQL Server Security Distilled, second edition, by Morris Lewis (Apress, ISBN 1590592190). Check it out at your favorite bookstore today. Buy this book now. |
Next: Special User Identities >>
More MS SQL Server Articles
More By Apress Publishing
/ 17 
