Re: Database protection

From: Uri Dimant (urid_at_iscar.co.il)
Date: 09/15/05

Next message: Sophie Guo [MSFT]: "RE: 0x80004005 - you need permission to view its data"
Previous message: Sophie Guo [MSFT]: "Re: Database protection"
In reply to: Rene: "Re: Database protection"
Next in thread: John Bell: "Re: Database protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 15 Sep 2005 12:08:15 +0300

Well, don't permit them to connect as Administrators if you want to
implement the policy.

Remove them from 'Windows Administrators' and add to the newly created Group
only for access to the specific database

"Rene" <nospam@nospam.com> wrote in message
news:uKoLoucuFHA.3720@TK2MSFTNGP14.phx.gbl...
> Thanks Uri
>
> But if the user is logged on to Windows as an Administrator, doesn't this
> user also has Admin right to the database by default? If this is the case,
> even if I create a new database user it won't help because the person
> logged into Windows as an administrator can automatically logging as "SA".
> Is this the right?
>
>
>
> "Uri Dimant" <urid@iscar.co.il> wrote in message
> news:eCCe1OcuFHA.3452@TK2MSFTNGP14.phx.gbl...
>> Rene
>> Create a new Login (DD) in SQL Server and and don't CRANT permission it
>> to the database. Now, when the user login with as DD he/she will not
>> be able access to the database
>>
>>
>>
>>
>> "Rene" <nospam@nospam.com> wrote in message
>> news:uwzGIpbuFHA.2072@TK2MSFTNGP14.phx.gbl...
>>> Is there a way to prevent users from logging into an MSDE database
>>> instance? I created an MSDE instance using a strong SA password but I
>>> was still able to logging to the database using Windows Authentication.
>>>
>>> The reason I don't want the user to see the database is because the
>>> database structure that I am distributing (MSDE) is exactly the same as
>>> the one I have online. If I let the user peek into my MSDE database they
>>> might find a way to mess-up the database that is online. I just don't
>>> want to take the risk.
>>>
>>> Also, is stored procedure encryption easily bypassed if I logon as a
>>> database administrator?
>>>
>>> Thanks.
>>>
>>>
>>
>>
>
>

Next message: Sophie Guo [MSFT]: "RE: 0x80004005 - you need permission to view its data"
Previous message: Sophie Guo [MSFT]: "Re: Database protection"
In reply to: Rene: "Re: Database protection"
Next in thread: John Bell: "Re: Database protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Dual Workgroup - Problem with creating administrators
... Every user must have permission to open the database. ... Administrators can have permission to open the database, ... If you use this workgroup, that user will now be able to enter any ...
(microsoft.public.access.security)
Re: Oracle memory allocation on Linux 2.6
... as well as system administrators are ... there is a tendency to cut the number of expensive workers in automobile ... Linux platform. ... database to date and Linux 2.6 is the most problems-prone Linux version ...
(comp.databases.oracle.server)
Re: Lost SA Password
... Try logging on as a member of the local Administrators group and ... executing the script with a trusted connection: ... BUILTIN\Administrators SQL Server login. ... > The 'sa' password is not known, and the default database ...
(microsoft.public.sqlserver.security)
Re: The importance of fully qualifying database objects in Queries, Functions etc.
... Even with Administrators, ... > -the people developing the database are Administrators who are seemingly ... > creating queries, tables, stored procedures etc. but just use an Access ...
(microsoft.public.access.adp.sqlserver)
Re: audit logging to database ?
... There are numerous products out there that log event logs to a database. ... The ability to clear the security log is jointly governed by permissions ... your question, no, administrators can't be restricted from doing this, ...
(comp.os.ms-windows.nt.admin.security)