So we’ve recently adopted the use of SQL Server 2008’s Central Managment Server for our development team. Something that tends to get missed or not talked about in articles about CMS is the security required to connect and view the Central Management Server.
There are 2 MSDB database roles that relate to the Central Managment Server:
ServerGroupReaderRole: Members of this group can only view the Central Management Server’s registered servers
ServerGroupAdministratorRole: Only members of this group can add/update/delete registered servers to the Central Management Server
So if your first instict was to grant db_datareader access to the MSDB database it pays to take a look around and make sure that you’re not granting more security then what is required.
Some great articles on Central Managment Servers: