Domain Administrator and Database Administrator
If your company policy states that the Domain Administrator cannot manage the SQL Server database, the following steps can be followed without violating the policy:
- The Domain Administrator creates a global group or universal group, such as DataAccess.
- The Database Administrator creates an application role with the necessary permissions. The Database Administrator then creates the login for the DataAccess Windows group and assigns it as a member of the application role.
- The Domain Administrator controls the membership of DataAccess.
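
The Database Administrator's step in T-SQL, followed by two checks that the separation holds; this is an added example, not code from the original page. The domain CONTOSO, database SalesDb, schema Sales and role name DataAccessRole are assumptions, and the role is created as a user-defined database role because a SQL Server application role proper (CREATE APPLICATION ROLE) does not take members.

```sql
-- Assumed names (not from the page): CONTOSO, SalesDb, Sales, DataAccessRole.
USE [master];
-- Server login for the Windows group the Domain Administrator created.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\DataAccess')
    CREATE LOGIN [CONTOSO\DataAccess] FROM WINDOWS;
GO

USE [SalesDb];
GO
-- Role that carries only the permissions the application needs.
IF DATABASE_PRINCIPAL_ID(N'DataAccessRole') IS NULL
    CREATE ROLE [DataAccessRole];
GRANT SELECT, INSERT, UPDATE ON SCHEMA::[Sales] TO [DataAccessRole];
GO

-- Map the group login into the database and make it a member of the role.
IF DATABASE_PRINCIPAL_ID(N'CONTOSO\DataAccess') IS NULL
    CREATE USER [CONTOSO\DataAccess] FOR LOGIN [CONTOSO\DataAccess];
ALTER ROLE [DataAccessRole] ADD MEMBER [CONTOSO\DataAccess];
GO

-- Check 1: permissions held by the group and the role. The group itself
-- should show only CONNECT (granted by CREATE USER); everything else
-- should be attached to the role.
SELECT pr.name, pe.permission_name, pe.state_desc, pe.class_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name IN (N'CONTOSO\DataAccess', N'DataAccessRole');

-- Check 2: Windows groups (G) and Windows logins (U) in sysadmin.
-- A domain-managed group listed here lets whoever controls its membership
-- administer the server, which defeats the policy.
SELECT m.name AS login_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin' AND m.type IN ('G', 'U');
```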