Re: Third party access to SQL

From: "Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 24 Apr 2008 07:29:27 -0500

I am sure that they shouldn`t be doing any work on tables structure, sp`s
etc on a live database. That work should be tested, scripted etc and then run
on in a controlled environment by my company.

If this is the case, then why would the third party request sysadmin access to the production environment? Why do they need access to the production environment at all? I think you need a clear understanding of the third party roles, responsibilities and expectations before you can setup the appropriate permissions (minimal level of required). This is particularly true of customized solutions.

When working with third party solutions, don't assume that Best Practices like a formalized testing and promotion process are followed. I've seen external vendors develop applications ad-hoc in the live production environment (if it works it's production, otherwise it's just development). Although the IT folks are stakeholders, they don't always have the final say about such matters in the real world. A DBA can voice concerns but, at the end of the day, it is a management decision as to whether or not Best Practices are followed.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:EA19B1A7-3304-4C88-B92A-EF9866029166@xxxxxxxxxxxxxxxx

We have a hosted SQL server with various internal applications on it. It has
been decided by on high that the same server will also have a database from a
third party on the server. The third party have asked for full system admin
rights on the SQL server.

Obviously I am not going to grant that access level as it gives them full
control on the box. From my viewpoint read and write access to the data can
be tolerated but anything else will be denied. Would you consider this
standard and is there any documentation with recommendations for control of
external suppliers ?

I am sure that they shouldn`t be doing any work on tables structure, sp`s
etc on a live database. That work should be tested, scripted etc and then run
on in a controlled environment by my company.

Anyone have any advice ?

Thanks

SI

Follow-Ups:
- Re: Third party access to SQL
  - From: Uri Dimant

References:
- Third party access to SQL
  - From: Simon

Prev by Date: Third party access to SQL
Next by Date: Re: Third party access to SQL
Previous by thread: Third party access to SQL
Next by thread: Re: Third party access to SQL
Index(es):
- Date
- Thread

Relevant Pages

Re: Third party access to SQL
... on in a controlled environment by my company. ... then why would the third party request sysadmin ... access to the production environment? ... SQL Server MVP ...
(microsoft.public.sqlserver.security)
Re: any training available on configuring VS & VC++
... Actually I think what has happened is that in the Unix environment ... - add the third party SDK (I should say that the third party SDK ... > command line building environment with makefiles or batch files ...
(microsoft.public.vc.language)
Re: C file operations
... in the windows world there are many third party ... developers are used to a lesser environment, thus needing third party tools. ... Dave Froble Enterprises, Inc. ...
(comp.os.vms)
Re: .NET SP1 issue fixed? (open since 31/8)
... >Then politely, Larry, maybe you've not been an environment where it is ... Isn't it vital to *check* a development system before committing to 'the ... a controlled environment for my builds, let's blame it on someone else". ...
(borland.public.delphi.non-technical)