Re: Third party access to SQL



Dan
Although the IT folks are stakeholders, they don't always have the final
say about such matters in the real world. A DBA can voice concerns but,
at the end of the day, it is a management decision as to whether or not
Best Practices are followed.

Oh, how true it is.



"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE6DF1B2-9302-4757-918C-D84C3F4856C0@xxxxxxxxxxxxxxxx
I am sure that they shouldn't be doing any work on tables structure, sp's
etc on a live database. That work should be tested, scripted etc and then
run on in a controlled environment by my company.

If this is the case, then why would the third party request sysadmin
access to the production environment? Why do they need access to the
production environment at all? I think you need a clear understanding of
the third party roles, responsibilities and expectations before you can
set up the appropriate permissions (minimal level required). This is
particularly true of customized solutions.

When working with third party solutions, don't assume that Best Practices
like a formalized testing and promotion process are followed. I've seen
external vendors develop applications ad-hoc in the live production
environment (if it works it's production, otherwise it's just
development). Although the IT folks are stakeholders, they don't always
have the final say about such matters in the real world. A DBA can voice
concerns but, at the end of the day, it is a management decision as to
whether or not Best Practices are followed.

--
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Simon" <Simon@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EA19B1A7-3304-4C88-B92A-EF9866029166@xxxxxxxxxxxxxxxx
We have a hosted SQL server with various internal applications on it. It
has been decided by on high that the same server will also have a database
from a third party on the server. The third party have asked for full
system admin rights on the SQL server.

Obviously I am not going to grant that access level as it gives them full
control on the box. From my viewpoint read and write access to the data
can be tolerated but anything else will be denied. Would you consider this
standard and is there any documentation with recommendations for control
of external suppliers?

I am sure that they shouldn't be doing any work on tables structure, sp's
etc on a live database. That work should be tested, scripted etc and then
run on in a controlled environment by my company.

Anyone have any advice?

Thanks

SI
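
Added example, not part of the original thread: a T-SQL sketch of the "read and write access to the data" level discussed above, scoped to the third party's own database, followed by checks that the login holds no server-level role. The names vendor_app and VendorDb and the password placeholder are hypothetical.

```sql
-- Hypothetical names: vendor_app (login/user), VendorDb (the third party's database).
-- Run as an administrator; replace the password placeholder before use.
USE master;
CREATE LOGIN vendor_app
    WITH PASSWORD = '<REPLACE-WITH-STRONG-PASSWORD>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = VendorDb;
GO

-- Map the login into the vendor's database only. With no user mapped in the
-- internal application databases (and guest not enabled there), the login
-- cannot open them.
USE VendorDb;
CREATE USER vendor_app FOR LOGIN vendor_app;
-- Data read/write only: no DDL rights, no db_owner, no server roles.
-- sp_addrolemember works on older versions; newer ones also accept
-- ALTER ROLE ... ADD MEMBER.
EXEC sp_addrolemember 'db_datareader', 'vendor_app';
EXEC sp_addrolemember 'db_datawriter', 'vendor_app';
GO

-- Check 1: fixed server roles held by the login (expect zero rows).
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = 'vendor_app';

-- Check 2: explicit server-level permissions (expect only CONNECT SQL).
SELECT p.permission_name, p.state_desc
FROM sys.server_permissions AS p
JOIN sys.server_principals AS l ON l.principal_id = p.grantee_principal_id
WHERE l.name = 'vendor_app';

-- Check 3: database roles held in VendorDb (expect the two roles above).
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = 'vendor_app';
```

Re-running the three checks on a schedule shows whether the vendor's access has been widened after the initial setup.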


