Category Archives: Maintenance
Know Your (Pre-Defined DB) ROLE!
Yesterday we talked about the Rock and how he can help you with SQL Server security ala “know your role.”
Do you know your SQL Server pre-defined database security roles?
These pre-defined roles will allow their respective members to perform defined sets of activities within each database. It is important to realize that these exist in every database and you cannot drop these roles. They are as follows:
- db_owner Role: This is the Mac Daddy of fixed database roles as it can perform all configuration and maintenance activities on the database including dropping the database. It is the only role that members can add additional users to this role.
- db_securityadmin Role: Members of this role can modify role membership (except db_owner) and manage permissions.
- db_accessadmin Role: Members of this role can add or remove access to the database for Windows logins, Windows groups, as well as SQL Server logins.
- db_backupoperator Role: Members of this role can back up the database, that is all.
- db_ddladmin Role: Members of this role can run any Data Definition Language (DDL) command in a database, in other words they can run ALTER, CREATE, DISABLE TRIGGER, ENABLE TRIGGER, DROP, TRUNCATE, and UPDATE STATISTICS statements.
- db_datawriter Role: Members of this role can add, delete, or change data in all user tables.
- db_datareader Role: Members of this role can read all data from all user tables.
- db_denydatawriter Role: Members of this role cannot add, modify, or delete any data in the user tables within a database.
- db_denydatareader Role: Members of this role cannot read any data in the user tables within a database.
There are several of these that I rarely use, but they are there if I need them. Like the Rock says “know your role!” Enjoy your weekend!
Know Your ROLE!
In the famous words of The Rock “know your role and shut your mouth!” Well mainly we were going with “know your role.”
Do you know your SQL Server security roles?
A SQL Server role defines exactly what a user can and cannot do inside a database. It is also possible for multiple users be it AD users and groups or SQL Server users can share this role. Roles are similar to AD groups in Windows security except they only control security within databases.
Today we will discuss the fixed roles which are setup across the server instance and apply to all objects on the server. They are as follows:
- SysAdmin Role: This is the Mac Daddy of roles as it can perform any and all actions on the server.
- ServerAdmin Role: This role can change configuration options on the server. They can also shut down the server, choose them wisely.
- SetupAdmin Role: This role can manage linked servers, SQL Server startup options and tasks.
- SecurityAdmin Role: This role can only manage server security. They can also reset passwords saving you from the mundane task, if you have your own minions.
- ProcessAdmin Role: This role has the ability to kill processes running on the SQL Server aka SPID killer aka Die SPID die!
- DbCreator Role: This role can create, alter, drop and restore databases, which is pretty powerful just now Genie from Aladdin powerful.
- DiskAdmin Role: This role can manage the SQL Server disk files.
- BulkAdmin Role: This role can only run the bulk insert command (I have personally never seen used before).
- Public Role: Every user belongs to the public role by default and therefore you cannot change membership to this role. Keep in mind if you assign any permissions to this role it will apply across the entire instance.
There are several of these that I rarely use, but they are there if I need them. Like the Rock says “know your role!” Tomorrow we will discuss pre-defined database roles. Enjoy!
Weird DBMail Error in 2008
Found a weirdness this morning that I thought I would share with you. I have recently setup up two new SQL Server 2008 clusters and setup the database mail yesterday so that I can receive a nightly backup report, which is much easier than 50-100 individual emails per server. The database mail worked on the send test email, but was not sending out for jobs.
I talked to our exchange guy to make sure there was nothing on that end preventing the flow. I reviewed the settings and review the SQL agent job. Nothing jumped out at me. The job history showed SQLSTATE 42000, ERROR 14607.
Upon bingling the error code, I found the error to mean incorrect profile name. I named the profile, so now SQL Server is judging my naming convention?
Wait, I scripted out the job from another server, but I changed the names in the script. I rechecked the profile on the source server and it was named “<server name> Mail”. However my profile on the new server was simply named after the server name. Once I changed the name by deleting the profile and creating a new one, the job worked successfully. Attention to details! I hope this helps someone, enjoy!
CodePlex Tool: SQL Server 2008 Extended Events SSMS Addin
Yesterday we discussed traversing the CodePlex tool offerings for SQL Server. Our first installment is the SQL Server 2008 Extended Events SSMS Addin written by MVP/MCM Jonathan Kehayias (blog|twitter) of SQLskills.com.
The install was a simple GUI installer and after an SSMS restart, I could see the nice little GUI as seen in the image below. This is great idea because there is currently not an extended events interface in SQL Server Management Studio.
Personally, I haven’t worked very much with extended events, but I would like to learn more. With that being said, I am not sure if the tool works or not because I really do not know what I am looking for. Does this image mean I have an error? When I click on the event , it does nothing which leads me to believe that I do not have an error. I do see where I can edit the event session “system_health” but I am not sure if the items in the list are always there or only there when the event fires? Jonathan is an MCM and is much smarter than me in regards to SQL Server, so maybe someone else can comment on this tool? Maybe we can convince Jonathan to create some documentation. Enjoy!
Extended Events SSMS GUI
CodePlex Tool Hunting
This morning I was contemplating what new project to tackle for my blog. I started thinking about tackling PAL (Performance Analysis of Logs) and my recent blog on SQL Nexus. That got me thinking about CodePlex, Microsoft’s open source directory where those two utilities are located. What other great tools are out there for SQL Server? This Project Directory indicates there are 328 SQL Server related projects on CodePlex. Holy special toolbelt, Batman that is a lot of utilities.
I will spend the next week or so exploring some of these tools. Stay tuned, same bat time, same bat channel.
Green? If You Only Knew the Power of the Dark Side!
Default Server Power Plan
Continuing my blog series from SQL Saturday #132, I wanted to review one piece of good advice I received from the pre-conference training on Friday prior to the event. The pre-con titled “Demystifying Database Administration Best Practices” was presented by Microsoft Certified Masters Robert Davis (twitter|blog) and Argenis Fernandez (twitter|blog).
The default power setting for a new server is balanced as shown in the image above. This is great when you are trying to achieve a green workplace. But did you realize that you purchased hardware and now you are not using it to its full power? Why would you purchase a powerful server and then not use the server to its full capacity? Why not just buy a less powerful server if that is the goal?
Want to see the difference in the balance power plan and the high performance? Download the freeware CPU-Z utility from CPUID. This is a great utility for the administrator for more reasons than just this one as it gives realtime analysis for your CPU, memory, and graphics.
CPU Performance with Balance Power Plan
Check your servers, you may be running short on some power. Stay tuned for more items in our next installment. Enjoy!
SQL Swampland 