Tuesday, 07 Apr 2009

New Weekly Series: the SPRAY

So what is a spray? In Australia, coaches talk to the team at quarter time, half time and three-quarter time, and sometimes this becomes a spray.

Here is a typical one delivered by the coach to a local football team.

“You blokes are jokes! Don’t you want to win? You need to go into the room of mirrors and have a good, hard look at yourselves. You have let the team down! You’ve let the club down! You have let Tigers fans down! You have pissed on the Tigers’ jumper. You have dudded your families and, most importantly, you bludgers have let the whole of the Barossa Valley down.”

So I will be spraying at lots of different issues, all faced with SQL Server.

My First Spray is to Microsoft

Why, in all this time, have you not fixed the security on VDI? For those who don't know, all third-party backup tools use the old legacy technology that is VDI to communicate with SQL Server to perform their backups. The problem is that to do this, the user/account issuing the backup commands must have sysadmin rights. Under database roles we have db_backupoperator, which can be a member of public, but a user without sysadmin level cannot use the VDI backup set, only the Native Backup.

This is a security issue and has been around since SQL Server 7. It's time Microsoft fixed this, possibly by introducing a server role for backup operations that an account can be assigned to, allowing a senior-level DBA to lock down the server even further.

It would then be possible to stop unauthorized database backups, monitor specific accounts doing backups and remove the need for a user to have sysadmin privileges unless required.
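
Until such a role exists, the exposure can at least be measured. The T-SQL below is an added example, not part of the original post: it lists who holds sysadmin and then shows which accounts have been taking backups through VDI versus natively, using the msdb backup history. The 30-day window is an assumption; adjust it to your history retention.

```sql
-- Added example (not from the original post). Read-only audit queries.
-- Assumption: msdb backup history is retained for at least the last 30 days.

-- 1. Current sysadmin members. Service accounts used by third-party (VDI)
--    backup tools will appear here because VDI requires sysadmin.
SELECT p.name       AS login_name,
       p.type_desc  AS login_type,
       p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;

-- 2. Who has been backing up what, and by which path.
--    backupmediafamily.device_type = 7 marks a virtual device (VDI);
--    anything else (disk, tape, ...) is reported here as Native.
SELECT bs.user_name,
       bs.database_name,
       CASE WHEN mf.device_type = 7 THEN 'VDI' ELSE 'Native' END AS backup_path,
       bs.type                          AS backup_type,  -- D = full, I = diff, L = log
       COUNT(DISTINCT bs.backup_set_id) AS backups,      -- DISTINCT: striped sets have
                                                         -- several media family rows
       MAX(bs.backup_finish_date)       AS last_backup,
       -- 1 = sysadmin, 0 = not, NULL = login no longer valid or not visible
       IS_SRVROLEMEMBER('sysadmin', bs.user_name) AS is_sysadmin
FROM msdb.dbo.backupset         AS bs
JOIN msdb.dbo.backupmediafamily AS mf ON mf.media_set_id = bs.media_set_id
WHERE bs.backup_finish_date >= DATEADD(DAY, -30, GETDATE())
GROUP BY bs.user_name, bs.database_name, mf.device_type, bs.type
ORDER BY last_backup DESC;
```

Rows with backup_path = 'VDI' identify the accounts that hold sysadmin only because of the backup tool, and any account in the second result that is not an expected backup account is worth investigating.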

 

 
