The DBA at our location is demanding local admin (windows) right's to the box so he can function. Right now when he logs in i have given him right's to the inetpub directory, sql directory, i have set him as a sysadmin on sql2005 and gone into the http:\\localhost\reports and set him up as a system manager and under site priveledges set him as a sys admin. When he tries to login and configure the report server he gets the following error:
Title-Reporting services configuration manager
Error-There was an error refreshing the UI. bla bla bla
A WMI error has occurred and no additional error information is availiable
Title-Reporting services configuration manager
Error-There was an error while switching panels. The most likely cause is an error retrieving WMI properties. bla bla bla
A WMI error has occurred and no additional error information is availiable
then when he's in sql server 2005 surface area configuation
Title-Surface Area Configuration
Error-Access denied (system.management)
Is there any documentation or anythign anyone can tell me that i can do to give this DBA full access to configure and admin the SQL portion of his system without giving him admin rights to the OS?
Please help!!
Thanks for any time anyone has taken to review this thread!!
There's no issue in giving him/her admin rights to the box. In most cases, he'll/she'll need it. Don't confuse local admin on the box with network admin rights.
Adamus
|||That's the problem in my environment i cant give local admin rights to any box. This is per PCI requirements which is a credit card VISA format amongst other regulations i'm under.
Do you have any other info that can provide assistance?
|||IThe DBA at our location is demanding local admin (windows) right's to the box so he can function. Right now when he logs in i have given him right's to the inetpub directory, sql directory, i have set him as a sysadmin on sql2005 and gone into the http:\\localhost\reports and set him up as a system manager and under site priveledges set him as a sys admin. When he tries to login and configure the report server he gets the following error:
Title-Reporting services configuration manager
Error-There was an error refreshing the UI. bla bla bla
A WMI error has occurred and no additional error information is availiable
Title-Reporting services configuration manager
Error-There was an error while switching panels. The most likely cause is an error retrieving WMI properties. bla bla bla
A WMI error has occurred and no additional error information is availiable
then when he's in sql server 2005 surface area configuation
Title-Surface Area Configuration
Error-Access denied (system.management)
Is there any documentation or anythign anyone can tell me that i can do to give this DBA full access to configure and admin the SQL portion of his system without giving him admin rights to the OS?
|||Moving to the SQL Server Security Forum.|||ok i think i figured out the surface area config issue, theres a link that states : Add new administrator in which i did and i can access all pages now, but it wont obviously let a non admin restart services, since there's a handful of services i think i'll just have/set the services under the SQL admins credentials, unless someone knows of a better way, in which i can allow the sql admin to restart services?
On the other issue i still cant access the reporting service configuration page, still recieving a WMI error?//
Please anyone HELP!!
|||These sources should help you understand and configure the appropriate account/security for your DBA.
Configuration -Service Accounts, SQL Server 2005 - Setting Up Windows Service Accounts
http://msdn2.microsoft.com/en-us/library/ms143691.aspx
http://msdn2.microsoft.com/en-us/library/ms143504.aspx
Configuration -Service Accounts, SQL Server or SQL Server Agent service account
http://support.microsoft.com/kb/283811/en-us
http://msdn2.microsoft.com/en-us/library/ms143691.aspx
Configuration -Service Accounts,Selecting an Account for the SQL Server Agent Service
http://msdn2.microsoft.com/en-us/library/ms191543.aspx
http://support.microsoft.com/kb/907557
Ok i was looking over the attached documents. It pretty much looks from what you've given me, if i setup the services on the local machine to run under the SQL DBA's credentials that i wont need to do anything further, this will in turn give the SQL DBA access without any errors?
Personally i dont think the service items are the issues but if you're positive this will do what i dneed to do i'll try it. Please reconfirm my understanding of the situation before i attempt to run changes please.
Again thanks for your assistance.
No comments:
Post a Comment