We are trying to restrict developer permissions in our development environment. One thought is to add developers to db_datareader, db_datawriter, db_ddladmin, db_securityadmin and then revoke various permissions from ddladmin and securityadmin. The goal is to allow developer to create stored procedures and assign permissions to the stored procedures.
Another option is to place all developers in the same role and ask them to create all procedures using that role name (ex: dev_role.sp_procedurename). By doing this each developer will be able to run stored procedures created by another developer. The down side is the permissions do not match Model Office/User Test and Production.
Any suggestions on how to handle this situation?
Thanks, DaveI have 3 instances on 2 boxes..
DEV, QA and PROD...
Let the developers knock themsleves out in DEV...hopefully using some kind of version control
Promote all the code and YOU execute it in QA..they're not allowed in there
QA tests the code
QA gets signed off
Code is the promoted to prod on another box...|||We have the same thing here as Brett does there. Developers get added to the db_owners group in development, and are barred from using anything but the application logins in QA and prod (too hard to police, anyway). No one ever gets sysadmin on anything (and oh, how they ask).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment