var sidebar_align = 'right';
var content_container_margin = parseInt('290px');
var sidebar_width = parseInt('270px');
Unanswered: Sysadmin role
Is it possible to give a user a sysadmin role and then deny some of the privileges?
I am a junior dba, I should be able to view only everything that the sysadmin can see, i.e. db properties, logins, packages, jobs etc.
Any particular class of privileges?
You could maybe use Revoke (see BOL).
I looked at revoke and it is not exactly what I am looking for. I shouldn't be able to modify the jobs, take db offline, or detach it, or restore it. And these are just few examples.
How about we go at this from the other side. What do you have to do? View only implies the guest users in each database should be able to handle your needs.
I need to create a user that would be able to view everything within Enterprise Manager but not update or change anything.
Create a login with no server roles associated with it, and don't add him to any databases. Then run the following in each user database (i.e. not master or msdb):
This should allow you to view anything but data in the tables. Oddly enough, going further than that can lead to some security holes, and already has opened up a few I would rather not think of.