locked
Data Base Access RRS feed

  • Question

  • Hi All,

     is it possible sa user can't access or modify another user database..

    pleae helpme..

    Friday, March 8, 2013 9:59 AM

Answers

  • Sysadmin role members, like the sa account, have full permissions in all databases.  Denying permissions to sysadmin role member has no effect.


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    Saturday, March 9, 2013 6:27 AM
  • You won't be able to stop sysadmin from accessing the data. Your option is to have the application encrypt the sensitive data Before that data is being submitted to SQL Server.

    Tibor Karaszi, SQL Server MVP | web | blog

    Wednesday, March 13, 2013 11:08 AM

All replies

  • it depends upon the credentials  allocated to sa user, if you  give sa user as serveradmin and security admin  then he can do it


    Ramesh Babu Vavilla MCTS,MSBI

    Friday, March 8, 2013 10:31 AM
  • Thank u.. 

    view deny database working or not ?

    Friday, March 8, 2013 11:03 AM
  • What type of modification that you are asking on other database  from the user&  please elaborate on view deny database working or not ?

    >>you can restrict the user or SA account either not giving permissions to the user for that database level or on the Object levels - before this I say please check-

    Server-Level Roles
    http://msdn.microsoft.com/en-us/library/ms188659.aspx

    Database-Level Roles
    http://msdn.microsoft.com/en-us/library/ms189121.aspx

    What each roles & its importance...

    usually Sysadmin can do any activities at the instance level  & incase if you give explcit permissions on the database then they can.

    usually Sa restriction will nobody will do ,Because its plays very important role in the SQL server...


    Thanks, Rama Udaya.K (http://rama38udaya.wordpress.com) ---------------------------------------- Please remember to mark the replies as answers if they help and UN-mark them if they provide no help,Vote if they gives you information.

    Friday, March 8, 2013 4:24 PM
  • Thank u so much..

    my problem is

    1.Im creatting sa account. this account have db1 & db2 & db3  for three different client.(client 1 &2 & 3)

    2.i have created a login for client 1 sql authentication   username and password as well as mapping db1 ..

    3.once client1 enter their username and password.this people can modify and update and access their db (db1). 

    My question was,

    sa account user can not see client 1 db modification or what ever else.




    • Edited by R.Priya Saturday, March 9, 2013 9:59 AM
    Saturday, March 9, 2013 5:37 AM
  • Sysadmin role members, like the sa account, have full permissions in all databases.  Denying permissions to sysadmin role member has no effect.


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    Saturday, March 9, 2013 6:27 AM
  • hi all,

    thank u for reply..

    how to create a encryption database(db1) in sql server 2005


    • Edited by R.Priya Saturday, March 9, 2013 10:01 AM
    Saturday, March 9, 2013 10:00 AM
  • how to create a encryption database(db1) in sql server 2005

    Is this related to your original question (preventing sysadmin role members from accessing/modifying a database)?  What threats are you trying to protect against?


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    Sunday, March 10, 2013 1:05 AM
  • how to create a encryption database(db1) in sql server 2005

    Is this related to your original question (preventing sysadmin role members from accessing/modifying a database)?  What threats are you trying to protect against?


    Dan Guzman, SQL Server MVP, http://www.dbdelta.com

    ya..ur correct..

    Client asking me to preventing sa user..becase they are maintaing securit data thats why they people asking me to product.

    Wednesday, March 13, 2013 8:09 AM
  • You won't be able to stop sysadmin from accessing the data. Your option is to have the application encrypt the sensitive data Before that data is being submitted to SQL Server.

    Tibor Karaszi, SQL Server MVP | web | blog

    Wednesday, March 13, 2013 11:08 AM
  • ok thank u so much...
    Friday, March 15, 2013 11:25 AM