Backup and Restore commands using VDI require sysadmin role membership - by spaghettidba

Status: By Design

The product team believes this item works according to its intended design. A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID: 775819
Status: Closed
Type: Suggestion
Repros: 0
Opened: 1/4/2013 10:34:41 AM
Access Restriction: Public


To say it with the documentation's words, "The server connection for SQL Server that is used to issue the BACKUP or RESTORE commands must be logged in with the sysadmin fixed server role."
This is a serious security flaw. There's no need to assign sysadmin rights to a backup operator.

Posted by EPM on 4/4/2017 at 10:16 AM
So I have a SOX auditor over one shoulder double checking that I am using the enterprise backup system and an auditor over the other shoulder making sure no generic accounts have SYSADMIN. Microsoft should really take another look at this.
Posted by Matt Friedrichsen on 6/26/2015 at 12:16 PM
In the following KB article, it says "The Microsoft SQL Server product team is evaluating this requirement for the next major version of SQL Server". If that is actually true, why is this Connect item closed as "By Design", since the KB seems to admit that the SQL community would probably like a way to grant this ability without having to use sysadmin?
Posted by Isabelle Van Campenhoudt on 3/11/2014 at 8:35 AM
I agree, this should be resolved by the usage of a specific user right instead of sysadmin privileges.
Posted by spaghettidba on 2/7/2013 at 10:02 AM
I find it surprising that nobody is concerned about giving sysadmin rights to a backup tool or operator. I understand that it's so by design, but maybe it's time to review the design.
Posted by Microsoft on 2/7/2013 at 9:56 AM
The VDI connection does require Sysadmin permission because the connection itself is capable of more than simply backup commands, and involves shared resources between the client and server.
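
For administrators who have to account for the sysadmin membership this thread discusses, the following T-SQL is an added example (not part of the original item or any of the comments above) that lists every member of the sysadmin fixed server role together with the client programs currently connected under that login, which helps show which sysadmin accounts are actually used by a backup agent. It uses only the standard catalog views and DMVs; the column aliases are illustrative.

```sql
-- Added example: inventory of sysadmin members and the sessions using them.
-- Run as a login with VIEW SERVER STATE (to see other sessions) and enough
-- metadata visibility to read sys.server_principals.
SELECT
    sp.name         AS login_name,
    sp.type_desc    AS login_type,     -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    sp.is_disabled,
    sp.create_date,
    s.session_id,
    s.host_name,                       -- client-supplied, treat as a hint only
    s.program_name,                    -- client-supplied, e.g. a backup agent name
    s.login_time
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r
     ON r.principal_id  = rm.role_principal_id
JOIN sys.server_principals   AS sp
     ON sp.principal_id = rm.member_principal_id
LEFT JOIN sys.dm_exec_sessions AS s
     ON s.login_name      = sp.name    -- direct members only; see note below
    AND s.is_user_process = 1
WHERE r.name = N'sysadmin'
ORDER BY sp.name, s.login_time;

-- Sessions whose login is sysadmin only through a Windows group do not match
-- the join above, because the role member is the group, not the user.
-- This second query catches them by evaluating effective membership.
SELECT
    s.session_id,
    s.login_name,
    s.host_name,
    s.program_name,
    s.login_time
FROM sys.dm_exec_sessions AS s
WHERE s.is_user_process = 1
  AND IS_SRVROLEMEMBER(N'sysadmin', s.login_name) = 1
  AND NOT EXISTS (
        SELECT 1
        FROM sys.server_role_members AS rm
        JOIN sys.server_principals   AS r  ON r.principal_id  = rm.role_principal_id
        JOIN sys.server_principals   AS sp ON sp.principal_id = rm.member_principal_id
        WHERE r.name = N'sysadmin' AND sp.name = s.login_name
  );
```

Rows in the first result with no session columns are sysadmin logins that are not connected at the moment; a point-in-time snapshot like this will miss a backup job that only connects during its scheduled window.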