Deny Administrator Access to DB
Moi
I am developing an application to track very sensitive company personnel
information. This of course raised the issue of protecting this sensitive
information from everyone not authorized to see it......including the DB
Administrator. The DB Server (SQL 7) has many databases on it, but the
System Administrator must not be able to access the data in those tables
containing the sensitive information. I have tried denying an SA user
rights to SELECT from a table, but I could still select and view all the
data.
Any ideas?
Jeremy Byron
jby...@cynaptec.nb.ns.ca <remove ns to email me>
Anthony Mandic
Moi wrote:
> I am developing an application to track very sensitive company personnel
> information. This of course raised the issue of protecting this sensitive
> information from everyone not authorized to see it......including the DB
> Administrator. The DB Server (SQL 7) has many databases on it, but the
> System Administrator must not be able to access the data in those tables
> containing the sensitive information. I have tried denying an SA user
> rights to SELECT from a table, but I could still select and view all the
> data.
You would need to encrypt your data at the application level.
This way only the application's authorised users would be able
to unencrypt it.
-am
Mark J Turner
Moi <m...@here.com> wrote:
>Hey all,
>
>I am developing an application to track very sensitive company personnel
>information. This of course raised the issue of protecting this sensitive
>information from everyone not authorized to see it......including the DB
>Administrator. The DB Server (SQL 7) has many databases on it, but the
>System Administrator must not be able to access the data in those tables
>containing the sensitive information. I have tried denying an SA user
>rights to SELECT from a table, but I could still select and view all the
>data.
>
AFAIK, this is not possible. Much like the root user in UNIX, sa must and
does, have access to everything.
Tom
1. setup a username and role for yourself with the appropriate rights.
2. have someone who should have access to the information change the sa
password at the console.
The downside is that if you ever need to do something with SA privledges,
you will need to have the person who created the password give it to you so
you can get in and do whatever you have to do.
This is more secure, but no foolproof. A sly DBA will be able to setup
their role in such a way that they won't need the SA password.
Tom
Moi <m...@here.com> wrote in message
news:7FF1D2C9B9DB6525.1907DEF5...@lp.airnews.net...
> Hey all,
>
> I am developing an application to track very sensitive company personnel
> information. This of course raised the issue of protecting this sensitive
> information from everyone not authorized to see it......including the DB
> Administrator. The DB Server (SQL 7) has many databases on it, but the
> System Administrator must not be able to access the data in those tables
> containing the sensitive information. I have tried denying an SA user
> rights to SELECT from a table, but I could still select and view all the
> data.
>
EIS
fired, and replaced by you! You cannot survive without your DBA.
msnews.microsoft.com
HOWEVER - you CAN log the users that view the data.
For the tables that contain sensitive information, you can put a trigger on
the select, update, and delete to generate a log entry.
Of course, you would ask - "But the DBA can delete those rows". Sure they
can - but you can also log it so that you also have it generate a MSMQ
transaction where you can have a service that processes those records into
an external file store.
I would also reccommend seeing the July 2004 edition of SQL Server
Magazine - p.15 on "Privacy Matters" for some other suggestions as well.
=-Chris
Aaron [SQL Server MVP]
Are you sure about that? Books Online doesn't seem to agree:
CREATE TRIGGER trigger_name
ON { table | view }
[ WITH ENCRYPTION ]
{
{ { FOR | AFTER | INSTEAD OF } { [ INSERT ] [ , ] [ UPDATE ] [ , ] [
DELETE ] }
--
http://www.aspfaq.com/
(Reverse address to reply.)