So we’ve recently adopted the use of SQL Server 2008′s Central Managment Server for our development team. Something that tends to get missed or not talked about in articles about CMS is the security required to connect and view the Central Management Server.
There are 2 MSDB database roles that relate to the Central Managment Server:
ServerGroupReaderRole: Members of this group can only view the Central Management Server’s registered servers
and
ServerGroupAdministratorRole: Only members of this group can add/update/delete registered servers to the Central Management Server
So if your first instict was to grant db_datareader access to the MSDB database it pays to take a look around and make sure that you’re not granting more security then what is required.
Some great articles on Central Managment Servers:
Configuring and Using a Central Management Server for SQL 2008 – Brent Ozar
SQL Server 2008 Central Managment Servers – Kimberly Tripp
Create a Central Management Server and Server Group
Enjoy!!
[...] post: SQL 2008 CMS Security | Benchmark IT Consulting | Colin Stasiuk By admin | category: it consulting | tags: adopted-the-use, attended-the-2009, central, [...]
Awesome post! It really helped me a lot! Thanks for sharing it.