The rights needed for the service accounts are outlined in
the following:
HOW TO: Change the SQL Server or SQL Server Agent Service
Account Without Using SQL Enterprise Manager in SQL Server
2000
http://support.microsoft.com/?id=283811

If the dba just runs Enterprise Manager...that's not a good
thing. But in that case, the dba could just be a member of
the sysadmins group in SQL Server.

-Sue

Hi
http://vyaskn.tripod.com/sql_server_security_best_practices.htm  --------security
best practices

In addition to what the other respondents have put forth, this will also be
determined by who has ultimate responsibility for the availability of the
data.

Yes, you can secure the SQL Server as system software; however, it is the
DBA who must monitor (Performance Counters), patch (Service Packs and hot
fixes), and provide for recoverability (Backup and Restore), most of which
will require the DBA to have local Administrator rights.

Usually, we have cooperation with our Server team, they maintain the Server
and OS, we maintain the DBMS, but we are both local Administrators.  The
Server team members are Domain and/or Enterprise Administrators, the DBAs
are not.  The DBAs are DBMS system administrators, the Server team is not.
It is at the server and OS level that we share responsibilities.

We have also found that many Server Administrators do not have the
experience nor skills to properly administrate a DBMS server.  So, although
they do the hardware and OS level work, it is through the guidance of the
DBA group.

Sincerely,

Anthony Thomas

Can someone please let me know what are the best practices for securing a
sql server?  The department is split - I have dba's and network analysts.
The dba's are responsible for sql and the network analysts are responsible
for the os.

What rights are required for the service accounts?
What rights does the dba need on the server to run Enterprise Manager?