Re: SQL Server
From: Brett Karst (karst.brett@mayo.edu)
Date: 11/24/02
- Next message: BP Margolin: "Re: SQL Server"
- Previous message: Mary Chipman: "Re: SQL Server "sa" Account"
- In reply to: Mary Chipman: "Re: SQL Server "sa" Account"
- Next in thread: BP Margolin: "Re: SQL Server"
- Reply: BP Margolin: "Re: SQL Server"
- Reply: Stamey: "Re: SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Brett Karst <karst.brett@mayo.edu> Date: Sun, 24 Nov 2002 12:09:39 -0800
Thanks for the articles. I agree with you that the situation under
which the sa account was being used was inappropriate. When I asked the
administrators to create separate accounts, they argued that:
1. The standard SQL Server audit logs only indicate when a user logged
on/off; not what they did. Utilizing the enhanced SQL Server auditing
("Profile"?) may require too many system resources, even if they were to
just log the details of the individual sa accounts because the logging
mechanism would have to verify whether each transaction was performed by
an sa-privileged account.
2. Server upgrades and other tasks require the user to log in as "sa",
so the account cannot be removed. This was the part that I was
wondering about, and if it were true. They are somewhat open to the
envelope method mentioned in the references you cited.
Thanks again for your help.
*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
- Next message: BP Margolin: "Re: SQL Server"
- Previous message: Mary Chipman: "Re: SQL Server "sa" Account"
- In reply to: Mary Chipman: "Re: SQL Server "sa" Account"
- Next in thread: BP Margolin: "Re: SQL Server"
- Reply: BP Margolin: "Re: SQL Server"
- Reply: Stamey: "Re: SQL Server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
