August 25, 2005 at 7:03 am
Has anyone created a process to monitor access to highly sensitive data? We can easily detect "update" but not 'select' access.
We looked into Entegra by Lumigent Technologies and the price is to steep.
My immediate thought is to turn the profiler on which will cause an enormous overhead.
Appreciate any feedback you may have.
Thanks,
Ivan
August 25, 2005 at 9:20 am
Can you use security to limit the users that have select permissions. IS it just a few tables you're concerned about ?
August 25, 2005 at 11:11 am
There are just a few tables, however, they all hold super sensitive information. The key issue is that no one, including all DBAs, should read the data outside the application.
August 26, 2005 at 2:10 am
The only thing I've seen of this nature is a trace set up to monitor SELECT access of particular tables/fields and write this to a file. Periodically load and check the files.
Obviously you have to make sure that any stored procs, views or functions that access the data are included in the trace filter.
A little crude but effective.
August 26, 2005 at 5:47 am
I totally agree with you, monitoring for and tracking 'select' statements appears to be the only solution at this point. I have placed a call to MS and have asked for suggestions. If I get some ideas I will post them here.
Thanks for your input nonetheless.
August 27, 2005 at 9:23 am
There is an option in SQL2K to have application role-based security. I don't recall the details of setting that up, but I'm sure that you would grant select access to the sensitive data to the application role, and deny access to everyone else. Searching the net will probably turn up a tutorial or sample code.
So long, and thanks for all the fish,
Russell Shilling, MCDBA, MCSA 2K3, MCSE 2K3
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply