Re: Disable Sysadmin to view metadata in SQL2005

You cannot deny permissions to a sysadmin, so you cannot prevent him to
access information that, by definition, he is supposed to access.

You can, however, restrict who is a sysadmin and if you need other users to
perform administrative tasks, look at granting only the minimal permissions
required to perform those tasks. If the permissions are not granular enough,
look at granting access via signed code - this way you can avoid granting
the permissions required by the operation and instead you can grant EXECUTE
permission on code that "packs" the access to the operation.

Thanks

--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/

This posting is provided "AS IS" with no warranties, and confers no rights.

"Dex" <dplaras@xxxxxxxxxxx> wrote in message
news:1153258018.919768.201370@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Tim,

There's a SQL statement in 2005 that disables users view access of the
metadata. I think it's View Any Database / View Server State/ View
Definition. My question is that if we can disable SA account to view
the metadata (tables, columns, etc)?

Thanks,
Dex

Tim Stahlhut wrote:
There better not be an option to do that; it would be insane to do it.

Tim S

"Dex" <dplaras@xxxxxxxxxxx> wrote in message
news:1153253585.004826.199140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Everyone,

Is there any way we can disable sysadmin/sa to view metadata on a
particular database in SQL2005?

Thanks,
Dex




.

Relevant Pages

  • Re: db_denydatawriter
    ... perhaps this also gives read write access on the database to this user? ... Resrictive permissions overrides in its own level. ... However, if she has sysadmin right, then she'll be able to modify that data. ... Is it possible she has some admin rights which override DenyWriter (though ...
    (microsoft.public.sqlserver.security)
  • Re: permissions required for executing CDOSys stored procedures
    ... he is by default member of the sysadmin server ... role on the SQL Server database unless steps are taken to prevent that. ... sysadmin and who has not been granted specific execute permissions on the ... it is possible to GRANT EXECUTE ON sp_OACreate TO ...
    (microsoft.public.sqlserver.security)
  • Re: Disable Sysadmin to view metadata in SQL2005
    ... given the fact that they have sysadmin rights to that box? ... If the permissions are not granular enough, ... I think it's View Any Database / View Server State/ View ... the metadata? ...
    (microsoft.public.sqlserver.security)
  • Re: Disable database diagram creation
    ... there are no permissions to public database role, ... when user trying to creaate diagram. ... owner or a member of the db_owner role (or a sysadmin). ... You can figure out the specific object permissions in the ...
    (microsoft.public.sqlserver.security)
  • Re: reiser4 plugins
    ... So if I want to share annotations, I have to look in 20 different ... >> wants to allow users to edit the description metadata for the file ... I can grant people permissions to write random info into my own files. ...
    (Linux-Kernel)