Tuesday, February 14, 2012

Deny Administrator Access to DB

Hey all,
I am developing an application to track very sensitive company personnel
information. This of course raised the issue of protecting this sensitive
information from everyone not authorized to see it.....including the DB
Administrator. The DB Server (SQL 7) has many databases on it, but the
System Administrator must not be able to access the data in those tables
containing the sensitive information. I have tried denying an SA user
rights to SELECT from a table, but I could still select and view all the
data.
Any ideas?
Jeremy Byron
jbyron@.cynaptec.nb.ns.ca <remove ns to email me>
In article <7FF1D2C9B9DB6525.1907DEF59F04D933.8248BD072E33C3AD@.lp.airnews.net>,
Moi <moi@.here.com> wrote:
>Hey all,
>I am developing an application to track very sensitive company personnel
>information. This of course raised the issue of protecting this sensitive
>information from everyone not authorized to see it.....including the DB
>Administrator. The DB Server (SQL 7) has many databases on it, but the
>System Administrator must not be able to access the data in those tables
>containing the sensitive information. I have tried denying an SA user
>rights to SELECT from a table, but I could still select and view all the
>data.
>
AFAIK, this is not possible. Much like the root user in UNIX, sa must, and
does, have access to everything.

Actually there may be a way:
1. Set up a username and role for yourself with the appropriate rights.
2. Have someone who should have access to the information change the sa
password at the console.
The downside is that if you ever need to do something with SA privileges,
you will need to have the person who created the password give it to you so
you can get in and do whatever you have to do.
This is more secure, but not foolproof. A sly DBA will be able to set up
their role in such a way that they won't need the SA password.
Tom
Moi <moi@.here.com> wrote in message
news:7FF1D2C9B9DB6525.1907DEF59F04D933.8248BD072E33C3AD@.lp.airnews.net...
> Hey all,
> I am developing an application to track very sensitive company personnel
> information. This of course raised the issue of protecting this sensitive
> information from everyone not authorized to see it.....including the DB
> Administrator. The DB Server (SQL 7) has many databases on it, but the
> System Administrator must not be able to access the data in those tables
> containing the sensitive information. I have tried denying an SA user
> rights to SELECT from a table, but I could still select and view all the
> data.
> Any ideas?
> Jeremy Byron
> jbyron@.cynaptec.nb.ns.ca <remove ns to email me>
>
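
The two steps from the last reply, plus a check for the caveat it raises, written as T-SQL. This is an added example, not part of the original thread; the database, table, login and role names and the password placeholders are assumptions, and the procedures are the standard SQL Server 7.0 security stored procedures.

```sql
-- Added example. PersonnelDB, dbo.Personnel, hr_app and hr_readers are hypothetical names.
USE PersonnelDB
GO

-- Step 1: a named login and a role that carry only the rights the application needs.
EXEC sp_addlogin @loginame = 'hr_app',
                 @passwd   = '<placeholder-password>',
                 @defdb    = 'PersonnelDB'
EXEC sp_grantdbaccess 'hr_app'
EXEC sp_addrole 'hr_readers'
EXEC sp_addrolemember 'hr_readers', 'hr_app'

-- Only the role can read the table. REVOKE (not DENY) is used on public:
-- every user is a member of public, and a DENY there would override the
-- GRANT to hr_readers.
REVOKE SELECT ON dbo.Personnel FROM public
GRANT  SELECT ON dbo.Personnel TO hr_readers
GO

-- Step 2: run by the person who is allowed to see the data, at the console.
-- A sysadmin caller may pass NULL as the old password.
EXEC sp_password @old = NULL,
                 @new = '<placeholder-known-only-to-data-owner>',
                 @loginame = 'sa'
GO

-- Check for the caveat: changing the sa password does nothing about other
-- logins that hold the sysadmin server role. Permission checks, including
-- DENY, are bypassed for every member of sysadmin, which is why DENY SELECT
-- had no effect in the original question.
EXEC sp_helpsrvrolemember 'sysadmin'

-- Members of db_owner can grant themselves access inside this database,
-- so review that list as well.
EXEC sp_helprolemember 'db_owner'
GO
```

Any login returned by `sp_helpsrvrolemember 'sysadmin'` other than sa can still read the table, so that list has to be reviewed before the scheme gives any protection.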
