object creation in production db

  • I have a third party application that I support. I have a production db that I don't want to allow object creation in. The problem is that the vendor has hard coded some ids and passwords that some developers know and I can't change without the app failing. Is there a best practice on how I can have an alert sent to me when some alters/adds to the structure of the db? Thanks.

  • The methods discussed in the following article can be used

    http://www.sqlservercentral.com/columnists/rmarda/letsblockthedba.asp

    Of course the instant you use them you will probably breach your support agreement.

    Does your 3rd party app need the rights to create objects? If not then remove those rights from the role used by the app.

  • i can't alter the rights of the users they use and dropping tables (gulp) hasn't been the issue. i can't stop them from creating the objects. I would just like to track it somehow automatically and be alerted to this.

  • There should be a policy that dictates that developers has no business being in the prod system in the first place..?

    If that is the case, you could poll master..sysprocesses and log 'suspicious' connections to your own audit table. If they are all using a common login, you could id by networkid (MAC address). The purpose would be to just 'watch' if they behave according to policy or not.

    If you're in hte position of being able to go SQL 2005 in the near future, the new DMV's provided there will probably solve all your current problems.  

    /Kenneth

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply