Re: Changing security authentication type.
- From: "Stu" <stu@xxxxxxxx>
- Date: Mon, 11 Sep 2006 18:59:48 +0100
ok, many thanks for the reply.
So in short you're saying to keep the "mixed" authentication, but to secure
the server down, the best path to take is to create an AD DBA group, and
configure key users to be in that group?
furthermore, to leave the sa account's permissions well alone!
"Arnie Rowland" <arnie@xxxxxxxx> wrote in message
news:%23tasa7b1GHA.480@xxxxxxxxxxxxxxxxxxxxxxx
Inline...
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
"Stu" <stu@xxxxxxxx> wrote in message
news:%23E25Hpb1GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
in an existing instance of SQL, will changing the security authentication
from SQL & Windows logins, to only windows logins cause any issues?
It will block (lock out) any attempts to access the database using the sa
account (or any other SQL Login).
Also, if a database has been created with hardly any security already,
are there any issues with introducing security further down the line. For
There 'could' be substaintial disruption when you introduce security.
Consider a building where there were no keys necessary to enter the
building and the rooms, and suddenly keys were required to enter the
building, and also to enter rooms. Until everyone got all of the correct
keys for their needs, there would be major disruption. However, if this
was a well planned process, and appropraite keys were distributed before
all the locks were install, the disruption would be minimal if at all.
example, a SQL server has been deployed already by my predecessor, with
authentication in SA & windows mode, and allowing pretty much anyone
access to SQL. If i was to create a DBA_Admin group and assign admin
writes only to that group, will it cause any problems in a already
functioning database?
Creating a domain/DBA_Admin group, providing that group login access to
the server, and also placing that group in the sysadmin server role, will
not cause any problems in a functioning database.
The problems will occur as you start locking down and removing permissions
from the sa account. And you 'should' do that. Applications should not be
using the sa account for database access since the sa account can do
'anything' with and to the server.
TIA
.
- Follow-Ups:
- Re: Changing security authentication type.
- From: Arnie Rowland
- Re: Changing security authentication type.
- References:
- Changing security authentication type.
- From: Stu
- Re: Changing security authentication type.
- From: Arnie Rowland
- Changing security authentication type.
- Prev by Date: Re: Tools For Scanning Data?
- Next by Date: Re: Tools For Scanning Data?
- Previous by thread: Re: Changing security authentication type.
- Next by thread: Re: Changing security authentication type.
- Index(es):
Relevant Pages
|
|
