Currently I have multiple SQL Server instances; with almost no standards to speak of. So trying to figure out what standards I want to define. And security is turning out of to be a big issue; I am pretty sure how I want to organize it. But fighting developers is not being easy.
For all servers, I want to rely on AD Security as much as possible, but there are expections where SQL Security is needed.
Layout I am thinking of:
Development
- No user has SysAdmin rights on any server.
- Developers have DBO on their respective database they are working on.
- Trying to decide how to do this, give only selected few developers access to they database they are working on?
- Give all developers access to the each development database?
- No End Users have access to the development server or database.
Testing
- No user has SysAdmin rights on any server.
- Developers have same level of access as End User so they can help the end user troubleshoot issues.
Production
- No user has SysAdmin rights on any server.
- Developers have no access to production servers.
- End user has required read/write rights on their databases.
SQL Canada (SQLCAN) 