How to restrict SELECT permission on table for sysadmin users... SQL Server 2000

  •  I'm working on a bank project wherein the client is not interested in giving even DBAs (with sysadmin) permission to view some of his table data.

    Does anyone have an answer for this? - URGENT

    Venkat,

    venkat_26178@rediffmail.com

  • You can't stop someone with SA privileges from viewing the data. You can, however, encrypt it. Actually, if you don't trust your DBAs (they only should be SA) you have a whole lot more problems than only the data.

    --
    Frank Kalis
    Microsoft SQL Server MVP
    Webmaster: http://www.insidesql.org/blogs
    My blog: http://www.insidesql.org/blogs/frankkalis/

  • Frank is spot on, as usual. Anyone mapped to dbo in a given database (such as the true database owner) ignores all permissions to include DENY within that database. Since members of the sysadmin role map to dbo, they too ignore any permissions that may have been set. Therefore, the only choice you have is encryption. And if DBAs can't look at it, you're going to have to look at encryption at the application level.

    K. Brian Kelley
    @kbriankelley
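
Application-level encryption as suggested in this thread, shown as an added example (not code from any poster): the application encrypts the value before the INSERT, so a sysadmin running SELECT sees only an opaque blob. The table and column names, the sample value and the in-process key are assumptions; in practice the key must be held where the DBAs cannot read it.

```javascript
// Added example: encrypt a column value in the application with AES-256-GCM.
const crypto = require('node:crypto');

// Assumption: in production the key comes from a store the DBAs cannot reach
// (HSM or application-server secret). Generated here only so the demo runs.
const KEY = crypto.randomBytes(32);

// The AAD binds the ciphertext to its table, column and primary key, so a
// blob copied into another row by someone with write access fails to decrypt.
function aad(table, column, rowId) {
  return Buffer.from(`${table}|${column}|${rowId}`, 'utf8');
}

function encryptField(key, plaintext, table, column, rowId) {
  const iv = crypto.randomBytes(12); // fresh nonce for every stored value
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad(table, column, rowId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Stored layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function decryptField(key, blob, table, column, rowId) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(aad(table, column, rowId));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key, the AAD or the ciphertext does not match.
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// True when decryption is refused (wrong key, wrong row, or modified blob).
function isRejected(key, blob, table, column, rowId) {
  try {
    decryptField(key, blob, table, column, rowId);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample value; table and column names are hypothetical.
const stored = encryptField(KEY, '0000-1111-2222-3333', 'Accounts', 'AccountNo', 42);
console.log('what a SELECT returns:', stored.toString('hex'));
console.log('application view     :', decryptField(KEY, stored, 'Accounts', 'AccountNo', 42));
console.log('moved to row 43      :', isRejected(KEY, stored, 'Accounts', 'AccountNo', 43));
```

The stored blob fits a binary column, and because the database never holds the key, no server-side permission or role membership changes what a SELECT can reveal.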

  • If the data is so valuable that no one should be able to browse it, it should be encrypted.

    If you don't want DBAs to be able to select data from the table, don't make them sysadmins. Give DBAs restricted access to the database, and follow some strict security guidelines for the SA account (change the password regularly, store it somewhere safe, make sure only a restricted list of people can have access to it, and audit all actions).


    Julian Kuiters
    juliankuiters.id.au
