Last November at PASS I attended a session entitled "Si Se Puede! Achieving Separation of Duties with SQL Server" presented by Il-Sung Lee and Lara Rubbelke (blog | twitter). Lara and Il-Sung discussed the separation of duties between the DBA and the sysadmin role and presented the SQL Server Separation of Duties Framework to help facilitate this.
Version 2.0 of the Separation of Duties Framework has just been released and it can help you create a controlled environment to manage permissions for various levels of DBA's and/or users.
Do you ever need to grant a user specific elevated permissions?
What about granting some junior level DBA's the ability to unlock a login but not the ability to alter it?
Using the SoD Framework you can setup multiple roles with specific permissions and assign users to them as necessary. This framework can help accomplish these tasks easily and in a controlled environment. It's completely user definable and as of this release is capable of handling multiple tiers of users. Check out
Lara's latest blog post for more information. Check it out and leave us a comment if you have any questions or issues.
It's been a great experience working with Lara Rubbelke (blog | twitter) on version 2.0 of this framework and we are looking forward to continuing the development of this project.