SDE User PermissionsPosted: November 22, 2011
The SDE user is responsible for several geodatabase maintenance tasks including compression and version management among others. The SDE user also owns the geodatabase system tables, triggers and procedures. The DBMS privileges necessary to manage and alter the geodatabase are granted to the SDE user upon creation of the geodatabase during the post installation process. Therefore it is absolutely unnecessary to grant every permission and add the SDE user to every admin role under the sun. Sometimes it can even have an adverse effect on performance an usability. The SDE user will only need membership in the Public role. I promise.
It is recommended that the ArcSDE administrator and its schema only be used to manage and store ArcSDE system tables. You should create separate user schemas in which to store your ArcSDE data objects, such as feature classes and raster datasets. You should not store these objects in the ArcSDE administrator’s storage space, since you could possibly crash the ArcSDE service by filling up the ArcSDE administrator’s space. Following the practice of storing only system tables in the ArcSDE administrator’s storage space simplifies the management of ArcSDE.
Another good idea is to create a user with the necessary privileges to create and upgrade geodatabases. Like the SDE user, this account should not be used to create data.
- User permissions to upgrade a geodatabase.
- User permissions for geodatabases – Oracle
- User permissions for geodatabases – Sql Server
Basically, I beg you…although SYSADMIN or SERVERADMIN or GRANT DBA TO SDE sound really cool and powerful, it is 100% not necessary. I ask for just a little faith in the trusty ol’ post-install wizard. Faith that it will grow your SDE user and make it the best little geodatabase administrator it can be.