Are there any server-level security concerns I might be missing with granting a login ALTER TRACE on a SQL 2005 instance?
- I don't care that the login can see anything that's happening on the server
- They won't be able to actually DO anything that the trace would show, outside of what they already can (unless I'm missing something). All devs pretty much cover each other and have permission to modify db data and code anyway.
The only thing I can come up with is performance degradation from having excessive (too many, too large, etc) traces running, but this is a controllable concern for me and not a show stopper. Pretty much the only things a dev in this scenario should not be able to do are create/drop databases and modify server security (db security is fine, they're all dbo on each user db).
Best Answer
See this article:
http://technet.microsoft.com/en-us/library/cc293611.aspx