Comprehensive data protection for all workloads
Post Reply
schaferc@akrr.com
Lurker
Posts: 1
Liked: 2 times
Joined: Aug 13, 2020 12:41 am
Full Name: Curtin Schafer
Contact:

Enterprise Manager Feature Request - Case #04301383

Post by schaferc@akrr.com » 2 people like this post

Enterprise Manager documentation for item-level restores of SQL Server databases describes that the product will first attempt to use the account of the backup job, and this works for an Original Location restore. However, this does not work for an Alternative Location restore. In our use case our developer needs to create a new database for a new development environment by restoring a backup of an existing database. In particular, this restore is to the same SQL Server system of the backup job. So, the difference is the database name. My understanding of the response in Case #04301383 is that Enterprise Manager is hard-coded to require the sysadmin server role. Our policy forbids granting system administrator privileges on SQL Server instances except to the few selected administrators on the Infrastructure team. Enterprise Manager has very valuable functionality to add the restored database to the availability group in this SQL Server system, but we cannot make use of it because sysadmin membership is required.

The feature request is to remove the sysadmin requirement so that we can use Enterprise Manager without compromising the security of our SQL Servers. If using the account of the backup job is problematic, then the other option in my mind is to check for the CREATE DATABASE permission in the master database, which is what has been granted to our developers to be able to restore databases.
PetrM
Veeam Software
Posts: 3622
Liked: 608 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: Enterprise Manager Feature Request - Case #04301383

Post by PetrM »

Hi Curtin,

Thanks for sharing this information and the idea with us! We will consider a possibility to add this functionality in one of our future releases if we have enough similar requests.

Thanks!
rbienvault
Influencer
Posts: 19
Liked: 9 times
Joined: Jun 09, 2020 9:17 am
Full Name: Romain
Contact:

Re: Enterprise Manager Feature Request - Case #04301383

Post by rbienvault »

Hello,

We are in the same case !
We work with the least privilege for the admins, and if we can avoid to put everyone that can do a restore or own an SQL instance, it would be great !
Post Reply

Who is online

Users browsing this forum: sarnold, Semrush [Bot], StrongOBackup and 144 guests