September 26, 2008 at 12:40 am
Hello.
I use a symmetric key (by certificate) to encrypt data. I want to grant access to users who have an specific rol. But I notice that administrators and sa always can decrypt the data.
Is it possible to deny access to the symmetric key to administrator users and also to sa?
Is there any different way to do that?
Regards,
Toni.
September 30, 2008 at 5:21 pm
Perform the encryption operations external to SQL Server is the only thing I have ever seen recommended. System Administrators have the keys to the kingdom, it is one of the things inherent with the job. It is why SOX and PCI require realtime audits/tracing to run that monitor SQL Server Administrators and what they touch.
Jonathan Kehayias | Principal Consultant | MCM: SQL Server 2008
My Blog | Twitter | MVP Profile
Training | Consulting | Become a SQLskills Insider
Troubleshooting SQL Server: A Guide for Accidental DBAs[/url]
October 1, 2008 at 12:15 am
Thank you very much for your response.
I'll have to find a solution to application level.
Thank you,
Toni.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply