blocking folks from using a linked server and plumbing one to specific dsn
-
hi, as we get further and further into netsuite connectivity, we want to block just about everyone (dbas, myself etc etc) from using a certain linked server that is plumbed to a production accounting instance of netsuite. Presumably plumbed to a dsn set up with the creds to see data there.
I think i have half the question answered (the deny) at this link https://stackoverflow.com/questions/3136015/sql-server-how-to-deny-users-access-to-linked-servers and also shown below.
but what can we do to stop myself, a dba etc from creating another linked server that plumbs to the forbidden dsn? so far im finding nothing. i will post the answer here if i stumble on it.
- This topic was modified 1 month, 2 weeks ago by stan. Reason: image wasnt showing, trying again
-
you can't - and if you don't trust your dba's not to use it then change the process of accessing that linked server so that it is on a black box without means for a dba to access it other than through a application.
and change access to that server to be locked away and only used by authorized persons to see the underlying data.
and.. DO NOT use DSN's with that type of access - if data needs to flow from one server to another use a job that gets its own connection string built, with user details/password stored on a safe that no one unauthorized has access to, and copy the required data across.
plenty of ways to do it.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply