Search

Backup and Restore commands using VDI require sysadmin role membership by spaghettidba

Resolved
as By Design Help for as By Design

5
0
Sign in
 to vote
Type: Suggestion
ID: 775819
Opened: 1/4/2013 10:34:41 AM
Access Restriction: Public
0
Workaround(s)
To say it with the documentation's words, "The server connection for SQL Server that is used to issue the BACKUP or RESTORE commands must be logged in with the sysadmin fixed server role. "
This is a serious security flaw. There's no need to assign sysadmin rights to a backup operator.
Details (expand)

Product Language

English

Category

SQL Engine

Proposed Solution

Find a better way to assign permissions to the backup user. There is no need to assign such a powerful role to a user that only needs to perform backup operations.

Primary Benefit

Improved Security

Other Benefits

 

Virtualization

 
File Attachments
0 attachments
Sign in to post a comment.
Posted by spaghettidba on 2/7/2013 at 10:02 AM
I find it surprising that nobody is concerned about giving sysadmin rights to a backup tool or operator. I understand that it's so by design, but maybe it's time to review the design.
Posted by Microsoft on 2/7/2013 at 9:56 AM
The VDI connection does require Sysadmin permission because the connection itself is capable of more than simply backup commands, and involves shared resources between the client and server.
Sign in to post a workaround.
© 2013 Microsoft Corporation. All rights reserved. Microsoft Connect Terms of Use | Trademarks | Privacy Statement