You can use RockSolid to enforce membership for SQL Server server roles. This is useful for ensuring unexpected accounts are not granted elevated rights within a SQL Server instance.
To enable enforcement of server level roles, typically this will be set at a Group or Site level hierarchy, however instance level settings can be applied to manage exceptions.
To Enforce Server Role Membership
- Go to the instance policy at the relevant level. Select the security tab.
- Set "Specify Server Role Members" to on
- Now add the name of the SQL Server server role, followed by the name of the SQL Server login which will be expected.
RockSolid will only validate server roles for which at least one entry exists. If you do no list a given server role, no checks for it's membership will take place.
To exclude all logins from a server role, please enter the server role and add a blank login name.