October 29, 2007 at 11:26 am
sdfsd
October 30, 2007 at 3:03 am
Dear Steve
what i understand that you want to give a very limited rights to your developers ok and also you dont want lose winows authentication mode
because your most of the application use win auth mode okkk
now come to the solution
solution 1)
if u want to give a limited rights to ur developers
u may limited the rights of ur sql administrator like u may the backup user of ur administrator or give a right only rights to your administrator
make sure i am talking about your sql server administrator
that use windows account.
how u do that
just go to enterprise manager go security you will see the administrator account that lokk like BUILTINES\ADMINISTRATOR ok
if gona change the rights of administrator the system will not alow u
you have to delete first and remake this account with administrator name now you be able to change sql server administrator account rights.
Benifit.
through this thing no buddy will be able to directly connected with your
windows authentaction mode if they connectd but they have a very limited rights through this method u can easly manage your database in terms of security.
Contigency Plane.
if u feel u r in trouble just delete ur new admin account and create
the administrator account again through this text BUILTINES\ADMINISTRATOR no need to give any rights it will take automatically all rights.
Solution 2)
Being a professional database administrator it s not good to use a windows authenticatoin so you have to have a read only user for developers if the administrator want to manage the database that should have a SA password.
i have already mentioned you about how to restrict th administrator account ok i give u another solution
i suppose that you have SA password for any changes in database.
now we implement the security on the database and make a read only user
you know very well that every buddy can easly connect with the database through windows authentication mode
just go and drop the sql server BUILTENS\ADministrator account
now when u staart ur enterprise manger it give u a error message
access denied sql server can not connected .
at the same tim developer want to connect to the database it will do nothing now your database has been saved from the developer access.
but u need to conect you enterprise manager so that
we make a user that is only for read only purpose and developers can easly use this things
go and connect ur enterprise manager with SA account
and then create the user ABC thorugh enterprise manager
it give some rights like Deny right only and permit for read only
now you have a read only user you can give to any one
but first go to enter prise manager and conn with read only user that u have created.
after doing that your enterprise manager will save and your windows authentication issue wil resolved .
still you fel any problemm to do this thing
do reply me
Syed Muhammad Naeed
Database Administrator
October 30, 2007 at 3:26 am
I'm not sure about 2000 but in 2005, since with the windows authentication itself, we can restrict the users to the maximum possible extent by not allowing them to roam around with each & every menu within server.
Thus, the DBA is almost safe by the objects/schema of the database/server is not being disturbed un-necessarily.
With Windows domain account itself, one can give the writes for accessing the servers, and not necessarily that sql authentication should be allocated to the users.
Even if they the users are getting sql authentication, the exact database should be pointed against the user...
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply