Revoke/deny SOX issue
From: jaylou (jaylou_at_discussions.microsoft.com)
Date: 07/20/05
- Next message: Hari Prasad: "Re: Restricting domains from which a user can login using SQL Server login"
- Previous message: Joubert Nel: "Re: Restricting domains from which a user can login using SQL Server login"
- Next in thread: Jasper Smith: "Re: Revoke/deny SOX issue"
- Reply: Jasper Smith: "Re: Revoke/deny SOX issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Jul 2005 12:43:07 -0700
Hi all,
Either revoke/deny doesnt work or I dont understand the concept correctly.
I need to separate the duties of SA and DBO for SOX :(
I am planning on creating 2 new roles in every database. Securityadmin and
DataAdmin.
In testing this I set myself up as a user of a test DB, as a member of
Public I can do everything in the DB as if I was SA.
I tried to deny all rights to my username, and to Public. After doing so I
was still able create insert, update, blah, blah...
I have tried all of the following:
DENY CREATE TABLE TO public
DENY SELECT, INSERT, UPDATE, DELETE
ON testrights
TO PUBLIC --username
REVOKE ALL ON testrights TO jfischer
I don't understand why I can still do everything on the server.
TIA,
Joe
- Next message: Hari Prasad: "Re: Restricting domains from which a user can login using SQL Server login"
- Previous message: Joubert Nel: "Re: Restricting domains from which a user can login using SQL Server login"
- Next in thread: Jasper Smith: "Re: Revoke/deny SOX issue"
- Reply: Jasper Smith: "Re: Revoke/deny SOX issue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
