February 25, 2009 at 3:13 pm
I have the following situation:
My company (A) is going to host the SQL Server databases of another company (B); both belong to the same proprietor.
As a requirement from the managers, they want the DBA to be unable to read the data in the hosted databases, while still being able to do other administrative tasks (backup, monitor, kill sessions, assign space, etc.).
The managers indicate that this is due to the confidentiality of the data from company B.
Is it possible for the administrator (for example, a user with the sysadmin server role) to be restricted from reading the data in the tables?
If it is not possible, is there another workaround?
In an installation of SQL Server 2008, is it necessary that at least one account has the sysadmin server role?
Thanks in advance
February 25, 2009 at 3:20 pm
For the DBA to perform most of his/her work, there are times that they need SysAdmin rights. With this, all data is accessible. What this points to is the need for trust (and possibly the lack of it in the DBA).
Most DBAs that I know do not spend time "looking" at the data in their systems except when working on potential data errors where they need to validate data and some data changes.
February 26, 2009 at 6:13 am
In general, DBAs are considered trusted employees because they can access the data. That's one of the reasons the job pays more. If they can't trust the DBA, time to hire a new one.
----------------------------------------------------
The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore Roosevelt
The Scary DBA
Author of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd Edition
Product Evangelist for Red Gate Software
February 26, 2009 at 8:26 am
You may be interested in this blog post by Brian Kelley: http://qa.sqlservercentral.com/blogs/brian_kelley/archive/2009/02/20/you-must-trust-your-dbas.aspx
Jack Corbett
Consultant - Straight Path Solutions
February 26, 2009 at 2:18 pm
The short answer is no, you can't put in anything to prevent them from querying the data if you want them to do those other things. However, you can monitor them. This is most often accomplished using 3rd party tools. SQL Server 2008 Enterprise Edition has the Audit object, and you can set a database audit specification which would monitor SELECT queries against tables and views. However, a DBA could shut down the audit or the audit specification, meaning you'd have to be watching for that, too.
K. Brian Kelley
@kbriankelley
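The audit setup described in the post above, written out as an added example (it is not part of the original thread and not the poster's own code). The audit and specification names, the file path and the database name `CompanyB_Db` are placeholders; the database audit specification requires Enterprise Edition on SQL Server 2008, as the post notes.

```sql
-- Added example; all object names and the file path are placeholders.
USE master;
GO

-- 1. The audit itself: where the records are written.
CREATE SERVER AUDIT Audit_CompanyB
TO FILE (FILEPATH = N'D:\SqlAudit\')          -- placeholder path
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT Audit_CompanyB WITH (STATE = ON);
GO

-- 2. Record changes to the auditing itself: AUDIT_CHANGE_GROUP fires when
--    an audit or audit specification is created, altered or dropped.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_AuditChanges
FOR SERVER AUDIT Audit_CompanyB
ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 3. Record every SELECT against tables and views in the hosted database.
--    BY public covers all database principals, since all are members of public.
USE CompanyB_Db;                               -- placeholder database name
GO
CREATE DATABASE AUDIT SPECIFICATION DbAuditSpec_Select
FOR SERVER AUDIT Audit_CompanyB
ADD (SELECT ON DATABASE::CompanyB_Db BY public)
WITH (STATE = ON);
GO

-- 4a. Review: who read what.
SELECT event_time, server_principal_name, database_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id = 'SL'                         -- SELECT
ORDER BY event_time;

-- 4b. Review: everything that is not a read. With the two specifications
--     above, these rows are changes to the audit or its specifications,
--     including the audit being stopped (action_id 'AUSC').
SELECT event_time, action_id, succeeded, server_principal_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE action_id <> 'SL'
ORDER BY event_time;
```

A gap in the SELECT records that lines up with an `AUSC` row is the "watching for that, too" case from the post, so query 4b needs to be reviewed by someone other than the DBA being audited.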
February 26, 2009 at 9:26 pm
Grant Fritchey (2/26/2009)
In general, DBAs are considered trusted employees because they can access the data. That's one of the reasons the job pays more. If they can't trust the DBA, time to hire a new one.
Absolutely spot on. And, I'm also amazed that companies don't do a full background check on their DBAs. At the very least, I'd prefer to have DBAs that are "bondable".
--Jeff Moden
February 27, 2009 at 5:41 am
Jeff Moden (2/26/2009)
Absolutely spot on. And, I'm also amazed that companies don't do a full background check on their DBAs. At the very least, I'd prefer to have DBAs that are "bondable".
Actually, I've been bonded several times. It's evidently easy to pass. 😎
Of course, I'm such a bad person that I get a state criminal investigation once a year (CORI checks because I'm a Scout leader) and a federal check every time I make a purchase (NICS check for firearms). I pass 'em all with flying colors every time.
Seriously though, you should hire squeaky clean DBAs and then, quite simply, trust but verify from that point forward.
----------------------------------------------------
The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood... Theodore Roosevelt
The Scary DBA
Author of: SQL Server 2017 Query Performance Tuning, 5th Edition and SQL Server Execution Plans, 3rd Edition
Product Evangelist for Red Gate Software