RE: Securing a SQL Server Database

Hello Greg,

Since the SA is the system administrator of the sql server, you could not
avoid it to access the datbase.

Although you could disable the sql authentication in the server to avoid
the SA account to use, this will effect other users in the same database
server. Also, if some login is assigned as sysadmin role in the sql server,
it could access all the database on that server.

The database file in the sql server is not just a file but it will be
managed by the sql server services. So the system admin need to monitor all
the databases on that server. This makes sense. My suggestion is that you
need to control your system admin account and did not grant other users to
such high level permission.

As for the encrypt the database file, I suggest you to grant a SYMMETRIC
KEY for the database so that only the user who have the key could copy and
open the database file in the sql server.

For more detailed information, you could refer following articles:

GRANT Symmetric Key Permissions (Transact-SQL)
http://msdn2.microsoft.com/en-us/library/ms179887.aspx

Security Considerations for SQL Server
http://msdn2.microsoft.com/en-us/library/ms161948.aspx

Hope this will be helpful for you to understand the security in SQL Server.

Sincerely yours,

Wei Lu
Microsoft Online Partner Support

=====================================================

PLEASE NOTE: The partner managed newsgroups are provided to assist with
break/fix
issues and simple how to questions.

We also love to hear your product feedback!

Let us know what you think by posting
- from the web interface: Partner Feedback
- from your newsreader: microsoft.private.directaccess.partnerfeedback.
We look forward to hearing from you!
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
======================================================
.

Relevant Pages

  • Re: MS Access DAO -> ADO.NET Migration
    ... William Vaughn ... Microsoft MVP ... Hitchhiker's Guide to Visual Studio and SQL Server ... My migration app works building a SSCE database file with imported data ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Cluster will not fail over.
    ... > As far as the TCP/IP issue goes, you had to rebuild the cluster and were ... > able to restore the master database. ... > a cluster installation you'll have to revisit. ... >> This worked bringing up the sql server in minimal mode. ...
    (microsoft.public.sqlserver.clustering)
  • Re: Word 2003/Access2000/SQLSVR
    ... SQL server being where the data is held and this is accessed through a MS ... entire database and that may be say a record for Berkshire. ... "Peter Jamieson" wrote: ... replaced with the first record on the table in use. ...
    (microsoft.public.word.mailmerge.fields)
  • Re: MS Access DAO -> ADO.NET Migration
    ... full SQL Server and I see the logic you explained in a multi user ... allow two users to access the same database file Read/Write at any given ... The book was a pleasure to read after the gibberish that Microsoft 'puts ... Hitchhiker's Guide to Visual Studio and SQL Server ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: MS Access DAO -> ADO.NET Migration
    ... For that it is much harder to handle the incremental identifier, ... database but although they have the data, they are not connected at the same ... The book was a pleasure to read after the gibberish that Microsoft 'puts ... SQL Server Management Studio is nowhere to be found on my ...
    (microsoft.public.dotnet.framework.adonet)