Re: Not using SA - Then what?
From: Chris Beardsley (clb39@nospam-cornell.edu)
Date: 05/31/02
- Next message: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Previous message: Johan: "SQL Server Security: NT Groups"
- In reply to: lindawie: "Re: Not using SA - Then what?"
- Next in thread: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Reply: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Reply: Sue Hoegemeier: "Re: Not using SA - Then what?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Chris Beardsley" <clb39@nospam-cornell.edu> Date: Fri, 31 May 2002 14:37:14 -0400
> You can add developers to the db_owner role and use Windows
> authentication.
> Any objects they create will be owned by dbo.
This is the morsel of information I was seeking. But it sounds to me like I
have much more to learn about good security practices... Sue's point of
using a template for building objects and your (Linda's) point about having
them build the objects then someone with the proper credentials impliment
the code through query analyzer sounds like a solid framework for security
and quality assurance. Now - any idea where I can begin reviewing sample
templates ; ) ?
Thank you both for your input. Sue - and thank you for some of your other
responses which I also gained knowledge from.
Chris
"lindawie" <lindawie@my-deja.com> wrote in message
news:uX#FsiLCCHA.2656@tkmsftngp05...
> Chris,
>
> > I have read that people should not be using SA for anything. How then
> > do I have multiple developers/managers login to enterprise manager
> > etc but have all the objects owned by dbo (we each have diff NT
> > logins)? If SA is stored in clear text in some situations, wouldn't
> > all uid/pswrd combo's appear in clear text?
> >
> > We have wrestled with people making and therefore owning objects, and
> > causing headaches in the past...
>
> Change the SA password and don't give it to anyone.
>
> You can add developers to the db_owner role and use Windows
> authentication.
> Any objects they create will be owned by dbo.
>
> A much better approach is to have developers write scripts to create all
> objects and then you execute the scripts either in Query Analyzer or
> in batch using osql.
>
> Linda
>
>
- Next message: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Previous message: Johan: "SQL Server Security: NT Groups"
- In reply to: lindawie: "Re: Not using SA - Then what?"
- Next in thread: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Reply: Richard Waymire [MS]: "Re: Not using SA - Then what?"
- Reply: Sue Hoegemeier: "Re: Not using SA - Then what?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
