Hello,
I'm the classic GIS Analyst turned self-taught DBA, so apologies if any of the terms I'm about to use are incorrect.
So, we have a new enterprise geodatabase I'll call the DEV database, and our current database I'll call the LIVE database. LIVE uses dbo ownership, and administrative tasks like schema changes are performed by a SA account called GISDBAdmin. As far as I can tell, GISDBAdmin is not the data owner but is able to make schema changes in ArcGIS Pro. LIVE was set up by someone else so I can only guess how it was set up by looking at the existing settings. DEV was built by me as a sde-owned database, and I created an account called GIS to be the data owner. I also added GISDBAdmin again as an SA account.
The issue is, historically we've performed maintenance during after-hours windows by unchecking the box that allows database connections and deleting the locks. We recheck it when maintenance is finished. This worked fine for LIVE where GISDBAdmin could both disable connections and make schema changes. But with DEV, GISDBAdmin can disable connections but can't edit the schema (despite being an SA), and GIS can edit the schema but can't disable connections. So, it's deadlocked.
I think there might be three possible options but I'm not sure which is the best one (or if they're all even possible):
1) Is there a setting or permission in ArcGIS Pro or SSMS that would let GISDBAdmin edit the schema? This is preferred if we can do it.
2) Alternatively, can (or should) I try to give GIS permission to disable connections? Can I just give GIS that permission or would it have to be part of a larger role change?
3) Is it best practice for us to settle for the disable services method and stop unchecking the disable connections box? I do have our services set up to allow schema changes, but there are still workflows where it's nice to ensure no users can suddenly connect.
Does anyone have any suggestions or advice on the best way to handle this? Thank you!
