June 24, 2011 at 4:19 am
Hi,
I have a requirement to restrict everyone (including the DBA) from accessing user-defined SQL Server database objects (like tables/functions/views/stored procedures/triggers etc.). No one should be able to select/modify/delete/drop/disable these database objects from any SQL client. These should only be accessible from the application. I searched on the net and found the following:
1. Logon triggers: this is a server-level trigger which blocks the user (you can modify it to block the DBA as well) from logging on to the database server. But the same server may have other application databases as well, and with this the user won't be able to log in to the other DBs either. So this is out of scope.
2. DENY permission: as per my R&D results, we can't apply a DENY permission on sa / DBA. Let me know if this is possible and how.
3. DB-level trigger: we can create database-level triggers and roll back the action if any of the above-mentioned events occur. But the DBA can disable the trigger and can access DB objects after that.
4. sp_addextendedproperty: using this stored procedure, we can hide user-defined tables in SSMSE, but there is no control over the command line. The DBA can log in through the SQL prompt and can execute commands to view table structure and other objects.
Does anyone have any idea on how to restrict any user (especially DBA) from accessing sql server database objects.
PS: I am using SQL Server 2005/2008.
Thanks,
Bhawna
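The limitation described in item 3 of the post above, shown as an added example that is not part of the original thread: a database-level DDL trigger rolls back schema changes until a privileged login disables it, and a catalog query shows whether that has happened. The database, table and trigger names are hypothetical.

```sql
-- Added example; DdlTriggerDemo, dbo.Orders and trg_block_ddl are hypothetical names.
CREATE DATABASE DdlTriggerDemo;
GO
USE DdlTriggerDemo;
GO
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY);
GO

-- Database-level DDL trigger: roll back drops and alters of user objects.
-- DDL triggers fire only for DDL events; they do not intercept SELECT or DML.
CREATE TRIGGER trg_block_ddl
ON DATABASE
FOR DROP_TABLE, ALTER_TABLE,
    DROP_PROCEDURE, ALTER_PROCEDURE,
    DROP_VIEW, ALTER_VIEW,
    DROP_FUNCTION, ALTER_FUNCTION,
    DROP_TRIGGER, ALTER_TRIGGER
AS
BEGIN
    RAISERROR('Schema changes are blocked in this database.', 16, 1);
    ROLLBACK;
END;
GO

-- With the trigger enabled this statement is rolled back and the table survives.
DROP TABLE dbo.Orders;
GO
SELECT OBJECT_ID('dbo.Orders') AS orders_object_id;  -- non-NULL: still there
GO

-- The weakness named in the post: a sysadmin or db_owner can switch the trigger off.
DISABLE TRIGGER trg_block_ddl ON DATABASE;
GO

-- Check to run on a schedule: database-level DDL triggers (parent_class = 0)
-- that are currently disabled, with the time they were last modified.
SELECT name, is_disabled, modify_date
FROM sys.triggers
WHERE parent_class = 0 AND is_disabled = 1;
GO

-- Clean up the scratch database.
USE master;
GO
DROP DATABASE DdlTriggerDemo;
GO
```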
June 24, 2011 at 5:54 am
Cross posting is unnecessary and fragments answers.
continue in this thread
August 20, 2011 at 11:01 am
Hi - I've got the same needs! Any chance you can send me a sample script to hide a table using sys.sp_addextendedproperty
help appreciated
cheers
Ian
August 20, 2011 at 1:01 pm
Ian Truman (8/20/2011)
Hi - I've got the same needs! Any chance you can send me a sample script to hide a table using sys.sp_addextendedproperty
help appreciated
cheers
Ian
Not possible. Please read the thread linked a couple posts above.