Setup DBA File Permissions - SQL-FineBuild/Common GitHub Wiki

Previous Check SQL Services	Manual Install	Setup DBA Registry Permissions Next

FineBuild will Setup File Permissions for DBAs so they can access the SQL Server folders.

The Microsoft SQL Server install will set explicit folder security on the objects created during the install, overwriting any existing permissions. The assigned permissions allow local Administrator access but do not allow access to the DBA groups. FineBuild updates these permissions so that the DBA groups do have access, allowing DBA staff to perform their proper administrative functions on SQL Server.

The Setup File Permissions processing relates to Process Id 2CAI.

FineBuild Setup File Permissions

FineBuild will automatically Setup File Permissions to allow DBAs to access the SQL Server folders.

FineBuild also uses the following parameters to help Setup File Permissions:

Parameter	Default Value	Description
/GroupDBA:	none	Name of DBA Windows group for sysadmin access
/GroupDBANonSA:	none	Name of DBA Windows group for low privilege access

Top

---

Manual Setup DBA File Permissions

The following steps show what you would have to do to Setup DBA File Permissions manually. FineBuild does all of this work for you automatically.

The following commands will allow DBA staff to access specified SQL Server folders. Run these commands, replacing the group names with those used at your installation:

CACLS "foldername" /T /C /E /G "GroupDBA":F
CACLS "foldername" /T /C /E /G "GroupDBANonSA":R

The above commands should be run on all of the folders below:

1. If Analysis Services is being installed, run the CACLS commands on all the folders below

   Replace MSSQLSERVER with the instance name being installed:

   E:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER
   J:\SQLFiles\MSAS.MSSQLSERVER.Data
   K:\SQLFiles\MSAS.MSSQLSERVER.Log
   T:\SQLFiles\MSAS.MSSQLSERVER.Temp
   I:\SQLFiles\MSAS.MSSQLSERVER.Backup
   

2. If SQL Server database engine is being installed, run the CACLS commands on all the folders below

   Replace MSSQLSERVER with the instance name being installed:

   E:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER
   J:\SQLFiles\MSSQL.MSSQLSERVER.Data
   F:\SQLFiles\MSSQL.MSSQLSERVER.FTData
   K:\SQLFiles\MSSQL.MSSQLSERVER.Log
   T:\SQLFiles\MSSQL.MSSQLSERVER.Data
   I:\SQLFiles\MSSQL.MSSQLSERVER.Backup
   

3. If SQL Server Report Services is being installed, run the CACLS commands on all the folders below

   Replace MSSQLSERVER with the instance name being installed:

   E:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER
   

Copyright FineBuild Team © 2013 - 2021. License and Acknowledgements

Previous Check SQL Services	Top	Setup DBA Registry Permissions Next