Enterprise Manager Feature Request - Case #04301383

[schaferc@akrr.com]

Enterprise Manager documentation for item-level restores of SQL Server databases describes that the product will first attempt to use the account of the backup job, and this works for an Original Location restore. However, this does not work for an Alternative Location restore. In our use case our developer needs to create a new database for a new development environment by restoring a backup of an existing database. In particular, this restore is to the same SQL Server system of the backup job. So, the difference is the database name. My understanding of the response in Case #04301383 is that Enterprise Manager is hard-coded to require the sysadmin server role. Our policy forbids granting system administrator privileges on SQL Server instances except to the few selected administrators on the Infrastructure team. Enterprise Manager has very valuable functionality to add the restored database to the availability group in this SQL Server system, but we cannot make use of it because sysadmin membership is required.

The feature request is to remove the sysadmin requirement so that we can use Enterprise Manager without compromising the security of our SQL Servers. If using the account of the backup job is problematic, then the other option in my mind is to check for the CREATE DATABASE permission in the master database, which is what has been granted to our developers to be able to restore databases.

[PetrM]

Hi Curtin,

Thanks for sharing this information and the idea with us! We will consider a possibility to add this functionality in one of our future releases if we have enough similar requests.

Thanks!

[rbienvault]

Hello,

We are in the same case !
We work with the least privilege for the admins, and if we can avoid to put everyone that can do a restore or own an SQL instance, it would be great !