Hi Everyone,
Is there any way we can disable sysadmin/sa to view metadata on a
particular database in SQL2005?
Thanks,
DexThere better not be an option to do that; it would be insane to do it.
Tim S
"Dex" <dplaras@.hotmail.com> wrote in message
news:1153253585.004826.199140@.75g2000cwc.googlegroups.com...
> Hi Everyone,
> Is there any way we can disable sysadmin/sa to view metadata on a
> particular database in SQL2005?
> Thanks,
> Dex
>|||Hi Tim,
There's a SQL statement in 2005 that disables users view access of the
metadata. I think it's View Any Database / View Server State/ View
Definition. My question is that if we can disable SA account to view
the metadata (tables, columns, etc)?
Thanks,
Dex
Tim Stahlhut wrote:[vbcol=seagreen]
> There better not be an option to do that; it would be insane to do it.
> Tim S
> "Dex" <dplaras@.hotmail.com> wrote in message
> news:1153253585.004826.199140@.75g2000cwc.googlegroups.com...|||You cannot deny permissions to a sysadmin, so you cannot prevent him to
access information that, by definition, he is supposed to access.
You can, however, restrict who is a sysadmin and if you need other users to
perform administrative tasks, look at granting only the minimal permissions
required to perform those tasks. If the permissions are not granular enough,
look at granting access via signed code - this way you can avoid granting
the permissions required by the operation and instead you can grant EXECUTE
permission on code that "packs" the access to the operation.
Thanks
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dex" <dplaras@.hotmail.com> wrote in message
news:1153258018.919768.201370@.m79g2000cwm.googlegroups.com...
> Hi Tim,
> There's a SQL statement in 2005 that disables users view access of the
> metadata. I think it's View Any Database / View Server State/ View
> Definition. My question is that if we can disable SA account to view
> the metadata (tables, columns, etc)?
> Thanks,
> Dex
> Tim Stahlhut wrote:
>|||Thank you so much! So what do you recommend/best practices in
deploying a system to another clients so that they won't see database
schemas, given the fact that they have sysadmin rights to that box? In
the data layer, we're implementing encryption in a couple of key fields
so that even sysadmin won't be able to see those info?
Thanks again for your help!
Dex
Laurentiu Cristofor [MSFT] wrote:[vbcol=seagreen]
> You cannot deny permissions to a sysadmin, so you cannot prevent him to
> access information that, by definition, he is supposed to access.
> You can, however, restrict who is a sysadmin and if you need other users t
o
> perform administrative tasks, look at granting only the minimal permission
s
> required to perform those tasks. If the permissions are not granular enoug
h,
> look at granting access via signed code - this way you can avoid granting
> the permissions required by the operation and instead you can grant EXECUT
E
> permission on code that "packs" the access to the operation.
> Thanks
> --
> Laurentiu Cristofor [MSFT]
> Software Design Engineer
> SQL Server Engine
> http://blogs.msdn.com/lcris/
> This posting is provided "AS IS" with no warranties, and confers no rights
.
> "Dex" <dplaras@.hotmail.com> wrote in message
> news:1153258018.919768.201370@.m79g2000cwm.googlegroups.com...|||In this case, you are looking for a DRM solution for your database. SQL
Server does not provide such a solution. This issue has also been discussed
in the following threads:
http://forums.microsoft.com/MSDN/Sh...=52094&SiteID=1
http://forums.microsoft.com/MSDN/Sh...371562&SiteID=1
Thanks
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dex" <dplaras@.hotmail.com> wrote in message
news:1153259304.913735.140010@.p79g2000cwp.googlegroups.com...
> Thank you so much! So what do you recommend/best practices in
> deploying a system to another clients so that they won't see database
> schemas, given the fact that they have sysadmin rights to that box? In
> the data layer, we're implementing encryption in a couple of key fields
> so that even sysadmin won't be able to see those info?
> Thanks again for your help!
> Dex
> Laurentiu Cristofor [MSFT] wrote:
>
没有评论:
发表评论