I have a global production server and database, as I all users should have access to it by remote desktop.
Is it possible to grant NTFS permission on all database files (mdf+ldf files) to all users? something like
everyone can full access to it.
note that : we didn't need to share anything by file sharing service.
our app admins can remote and then if needed they all can detach-attach all database if they want. then they want to move or change location of mdf or ldf if they want
my suggestion is we can grant full access to system server admins.
but our dba said:
we grant permission to everyone and it didn't have any risk
is this safe?
Best Answer
I'm not entirely sure what problem you're trying to solve, but if you grant the kind of access you're describing to "Everyone" and you get hacked, now you have opened up a lot more possibilities for someone to do damage to your systems. That is access that they could not have done if access had only been granted to a select few people. It sounds like you want to have certain people with the ability to move database files around as needed. This will require a login and user and the ALTER DATABASE permission as well as an AD group that is either a local admin on the server or has been granted specific access to the folder(s) where the database files are stored. See the below question and answer about ALTER Database.
https://stackoverflow.com/questions/9798968/permissions-required-to-run-alter-database-set-single-user-statement-on-sql-se