June 9, 2014 at 8:11 am
I have created a trigger to stop someone from dropping or creating a new database that works fine. However, recently I restored over a database that was replicated. I have now been asked if I can create a trigger that will block restoring over an existing database. I thought my trigger would stop these things but after testing I can still restore over existing databases without conflicting with the trigger. I know that restore_database clause is not an option when creating the trigger, so I am wondering if any other users have a found a way to do this? As you can see this one is for a specific user, I will figure out how to specify a specific next.
Thanks for any help. This is what I have so far.
/****** Object: DdlTrigger [ddl_StopDoingThat] Script Date: 06/09/2014 09:38:21 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [ddl_StopDoingThat]
ON ALL SERVER
FOR CREATE_DATABASE, DROP_DATABASE
AS
IF SUSER_SNAME() = 'domain\user'
BEGIN
PRINT 'You must disable Trigger "StopDoingThat" to create databases!'
ROLLBACK
END
GO
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
June 9, 2014 at 8:19 am
I'm not sure if you can do that, but why don't you remove the permissions to restore backups on the database for that user?
June 9, 2014 at 8:19 am
Not possible, because DDL triggers are AFTER triggers. They fire after the action has completed. Any trigger which fired after a restore database had run would not be able to undo the restore, you can't roll back a restore.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
June 9, 2014 at 8:32 am
Don't bother with the trigger. Grant the user CREATE ANY DATABASE, but make sure he/she/it is not (a) the owner of any database you don't want overwritten, (b) a member of sysadmin and (c) a member of dbcreator.
John
June 9, 2014 at 8:41 am
Thanks for the quick answers.
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?
June 9, 2014 at 8:43 am
Because you can roll back a DROP DATABASE, but not a RESTORE.
John
June 9, 2014 at 8:44 am
Changing permissions is the best way to handle this I agree, but a surprisingly slow battle. A large chunk of people run with SysAdmin even though only DBA's should have this privilege.
June 9, 2014 at 8:46 am
If it's not possible then I guess I'll stop trying to find a way and let the requester know. Thanks, this was quick 🙂
June 9, 2014 at 9:11 am
lmacdonald (6/9/2014)
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?
Because you can run a drop database within a transaction, the 'results' (the files being deleted) does not happen unless the transaction is committed, if you roll back the transaction the files are never dropped.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
November 26, 2019 at 8:24 am
Hi,
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 8:28 am
I have the same problem (almost), but it`s not about permission, I need to stop everyone from doing a restore operation in production server (business requirement after an accidental restore), now here is the catch:
The restore_database clause is not an option if we go for trigger, then how to accomplish this? Any help will be highly appreciated.
Thx
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 9:19 am
As has been said above, you can't stop people from doing this if they have the necessary permissions. Restrict who has SSMS installed on their desktop. Make sure all databases have a connection to them so that you can't accidentally overwrite a database. Back up your databases with sufficient regularity that you can recover from such unfortunate events.
John
November 26, 2019 at 9:33 am
@john-2 Mitchell, Thanks for the reply! The accidental restore was done by a 3rd party powerful tool not SSMS, even worse the REPLACE & drop current connections options were chosen in that tool. The frequent backup intervals that saved the database later.
Actually so far I can see my only option here is to use a different account for restores with no one has it`s password except with only one person in-charge, see below link: https://dba.stackexchange.com/questions/53995/prevent-sysadmin-from-doing-a-database-restore
BR,
Hany
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 9:54 am
db_backupoperator
Members of the db_backupoperator fixed database role can back up the database.
I guess that would be enough privilege to perform the backup but CANNOT DO RESTORES!
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
Viewing 14 posts - 1 through 13 (of 13 total)
You must be logged in to reply to this topic. Login to reply