![]() Sad but true, sysadmin is the only way to let an application take backups using the VDI API. The server connection for SQL Server that is used to issue the BACKUP or RESTORE commands must be logged in with the sysadmin fixed server role. ![]() If you download and browse the documentation, under the “Security” topic, you will find a worrying statement: The VDI specification is available here (you just need the vbackup.chm help file contained in the self-extracting archive). Basically, it allows an application to act as a storage device. VDI (Virtual Backup device Interface) is the standard API intended for use by third-party backup software vendors to perform backup operations. Since probably nobody uses tapes directly anymore, basically I’m referring to Virtual Backup Devices. With other types of device I mean tapes and Virtual Backup Devices. While this statement sound sensible or even obvious when talking about file system devices, with other types of device it’s less obvious what “permissions” means. SQL Server must be able to read and write to the device the account under which the SQL Server service runs must have write permissions. ![]() If you look up the BACKUP statement on BOL you’ll see in the “Security” section thatīACKUP DATABASE and BACKUP LOG permissions default to members of the sysadmin fixed server role and the db_owner and db_backupoperator fixed database roles.īut there’s more to it than just permissions on the database itself: in order to complete successfully, the backup device must be accessible: Obviously, you don’t need to be a sysadmin to simply issue a BACKUP statement. Looks like a silly question, doesn’t it? – Well, you would be surprised to know it’s not. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |