User security
-
We have a 3rd party application that requires the users database role to be "db_owner", fixed database role. It's running on SQL 2000 using Windows Authentication, since only department is using this application I'm using the AD group account. The vendor is not being too helpful in locking down the db and I'm concerned that all it takes is one skilled user to cause some major problems. Any suggestions will help.
-
Backup your database frequently
I have had to deal with this in the past. I would recommend that you discuss this with the application vendor and ask if DDL_Admin, etc, are enough. At least this way you do not need to grant db_owner, which is ridiculous.
I've found that most software vendors that "require" db_owner for their software are usually just ignorant. They've never tested the application with anything else, thus assume db_owner is the catch all, and they document it as a requirement. Make them do the legwork to determine the software's true security requirements. After all you paid them for the software and they want to retain you as a client, so make them do the work.
A.J.
DBA with an attitude
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply