Re: Disable Sysadmin to view metadata in SQL2005
- From: "Laurentiu Cristofor [MSFT]" <laur@xxxxxxxxxx>
- Date: Tue, 18 Jul 2006 17:38:23 -0700
In this case, you are looking for a DRM solution for your database. SQL
Server does not provide such a solution. This issue has also been discussed
in the following threads:
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=52094&SiteID=1
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=371562&SiteID=1
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dex" <dplaras@xxxxxxxxxxx> wrote in message
news:1153259304.913735.140010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thank you so much! So what do you recommend/best practices in
deploying a system to other clients so that they won't see database
schemas, given the fact that they have sysadmin rights to that box? In
the data layer, we're implementing encryption in a couple of key fields
so that even sysadmin won't be able to see that info?
Thanks again for your help!
Dex
Laurentiu Cristofor [MSFT] wrote:
You cannot deny permissions to a sysadmin, so you cannot prevent him from
accessing information that, by definition, he is supposed to access.
You can, however, restrict who is a sysadmin and if you need other users to
perform administrative tasks, look at granting only the minimal permissions
required to perform those tasks. If the permissions are not granular enough,
look at granting access via signed code - this way you can avoid granting
the permissions required by the operation and instead you can grant EXECUTE
permission on code that "packs" the access to the operation.
Thanks
--
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dex" <dplaras@xxxxxxxxxxx> wrote in message
news:1153258018.919768.201370@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Tim,
There's a SQL statement in 2005 that disables users' view access to the
metadata. I think it's View Any Database / View Server State / View
Definition. My question is that if we can disable SA account to view
the metadata (tables, columns, etc)?
Thanks,
Dex
Tim Stahlhut wrote:
There better not be an option to do that; it would be insane to do it.
Tim S
"Dex" <dplaras@xxxxxxxxxxx> wrote in message
news:1153253585.004826.199140@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi Everyone,
Is there any way we can disable sysadmin/sa to view metadata on a
particular database in SQL2005?
Thanks,
Dex
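
The signed-code approach recommended in the reply quoted above, as an added example that is not part of the original thread or anyone's posted code: a procedure is signed with a certificate, the needed permission is granted to a user mapped to that certificate, and the operator receives only EXECUTE. The database, table, procedure, certificate and user names and the password are constructed placeholders.

```sql
-- Constructed example: every object name and the password is a placeholder.
CREATE DATABASE SigningDemo;
GO
USE SigningDemo;
GO
CREATE TABLE dbo.StagingRows (id int NOT NULL, payload nvarchar(100) NULL);
GO
-- Operator account that holds no permission of its own on the table.
CREATE USER OperatorUser WITHOUT LOGIN;
GO
-- TRUNCATE TABLE requires ALTER on the table, and ownership chaining
-- does not cover it, so EXECUTE alone would not be enough here.
CREATE PROCEDURE dbo.ResetStaging
AS
    TRUNCATE TABLE dbo.StagingRows;
GO
-- Certificate whose private key signs the procedure.
CREATE CERTIFICATE ResetStagingCert
    ENCRYPTION BY PASSWORD = '<placeholder-strong-password>'
    WITH SUBJECT = 'Signs dbo.ResetStaging';
GO
ADD SIGNATURE TO dbo.ResetStaging
    BY CERTIFICATE ResetStagingCert
    WITH PASSWORD = '<placeholder-strong-password>';
GO
-- A user mapped to the certificate cannot connect; it only carries
-- the permission that signed modules acquire while they run.
CREATE USER ResetStagingCertUser FROM CERTIFICATE ResetStagingCert;
GRANT ALTER ON dbo.StagingRows TO ResetStagingCertUser;
GO
-- Remove the private key so no other code can be signed with it.
-- Altering the procedure later drops its signature and the access with it.
ALTER CERTIFICATE ResetStagingCert REMOVE PRIVATE KEY;
GO
-- The operator gets EXECUTE on the signed procedure and nothing else.
GRANT EXECUTE ON dbo.ResetStaging TO OperatorUser;
GO
-- Check: the operator can run the procedure but cannot truncate directly.
EXECUTE AS USER = 'OperatorUser';
EXEC dbo.ResetStaging;              -- succeeds through the signature
-- TRUNCATE TABLE dbo.StagingRows;  -- would fail: no ALTER on the table
REVERT;
GO
```

This limits what non-sysadmin operators can do; it does not hide anything from a sysadmin, which the replies above state is not possible.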