How to deny SQL administrator to read data?
SanjaSanja,
Give him a job change.
Seriously, anyone who has sysadmin rights can read any data in the server.
You have to manage this by endeavoring to ensure the ethics and reliability
of your administrator. If you cannot do this, then you have problems. (See
the suggestion above.)
The only other option is to look into encrypting data, but that has its own
load of grief.
Russell Fields
"Sanja Krstic" <sanjakrstic@.hotmail.com> wrote in message
news:OXhsZ1YTEHA.1048@.tk2msftngp13.phx.gbl...
> As I sad.
> How to deny SQL administrator to read data?
> Sanja
>|||Hi,
Only solution which come to my mind is that you have to become the SYSADMIN
and doall the DBA activities. Otherwise some how a person with sysadmin role can
access every thing.
FYI, Keep belief in your DBA, he never do any thing harm
Thanks
Hari
MCDBA
"Sanja Krstic" <sanjakrstic@.hotmail.com> wrote in message
news:OXhsZ1YTEHA.1048@.tk2msftngp13.phx.gbl...
> As I sad.
> How to deny SQL administrator to read data?
> Sanja
>|||To extend your idea, make wise use of roles defined in SQL server.
There are many predefined role so the origional poster need not always
assign sysadmin role to users.
Maybe create a new role with db_denydatareader is good. (not tested so not
sure if it works)
"Hari" <hari_prasad_k@.hotmail.com> bl
news:exXKk6dTEHA.1508@.TK2MSFTNGP11.phx.gbl g...
> Hi,
> Only solution which come to my mind is that you have to become the
SYSADMIN
>
and do> all the DBA activities. Otherwise some how a person with sysadmin role can
> access every thing.
> FYI, Keep belief in your DBA, he never do any thing harm
> --
> Thanks
> Hari
> MCDBA
> "Sanja Krstic" <sanjakrstic@.hotmail.com> wrote in message
> news:OXhsZ1YTEHA.1048@.tk2msftngp13.phx.gbl...
>|||Hi Lau Lei Cheong,
No, you cant restrict a user with SYSADMIN role.Even if you deny SYSADMIN
user, he will be able to select and update the objects. So no one can
restrict the user with SYSADMIN role.
--
Thanks
Hari
MCDBA
"Lau Lei Cheong" <lau_lc@.yahoo.com.hk> wrote in message
news:url9ECeTEHA.3924@.TK2MSFTNGP10.phx.gbl...
> To extend your idea, make wise use of roles defined in SQL server.
> There are many predefined role so the origional poster need not always
> assign sysadmin role to users.
> Maybe create a new role with db_denydatareader is good. (not tested so not
> sure if it works)
> "Hari" <hari_prasad_k@.hotmail.com> bl
> news:exXKk6dTEHA.1508@.TK2MSFTNGP11.phx.gbl g...
> SYSADMIN
can[vbcol=seagreen]
>|||Oh, what I really mean is to create a new role with simply all rights you
need the user to have but not datareader. Anyway, this is just some thoughts
that haven't been tested.
"Hari" <hari_prasad_k@.hotmail.com> bl
news:O404VbhTEHA.1172@.TK2MSFTNGP11.phx.gbl g...
> Hi Lau Lei Cheong,
> No, you cant restrict a user with SYSADMIN role.Even if you deny SYSADMIN
> user, he will be able to select and update the objects. So no one can
> restrict the user with SYSADMIN role.
> --
> Thanks
> Hari
> MCDBA
> "Lau Lei Cheong" <lau_lc@.yahoo.com.hk> wrote in message
> news:url9ECeTEHA.3924@.TK2MSFTNGP10.phx.gbl...
not[vbcol=seagreen]
> can
>
No comments:
Post a Comment