Apply SOD (Segregation of Duties) on SQL Server

  • Question

  • Our security team aims to develop and apply the SOD (Segregation of Duties) concept on SQL Server databases. Are there any ideas on where to start? I would also like to hear your experience in that field.
    Tuesday, January 23, 2018 8:18 AM

All replies

  • Hi Mohamed Esmail,


    First of all, we will begin by identifying the requirements and restrictions, properly stating the maximum level of authority for sensitive server and database objects. We will first need to classify the different groups of users and application databases, and the security requirements for server-level and database-level objects.


    Then we will need to apply security principles to the DBA; using the sysadmin role as a general-purpose DBA role is not recommended. We will need to configure permissions for the DBA by referring to the description of each role and principle.


    After that, we will protect database and data access, then authorize elevated privileges for specific DBA tasks. Here is a white paper on SQL Server Separation of Duties; please download it from SQL Server Separation of Duties - Download Center - Microsoft and refer to it.


    Best Regards,



    MSDN Community Support

    • Proposed as answer by Teige Gao Wednesday, January 31, 2018 2:18 AM
    Wednesday, January 24, 2018 5:46 AM
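
The approach in the reply above (a DBA role that is not sysadmin, with data access kept separate) can be sketched in T-SQL. This is an added example, not code from the thread or the white paper; the role names and the `CONTOSO\dba-team` login are placeholders, and the `DENY` statements assume SQL Server 2014 or later.

```sql
-- Added example: role and login names are hypothetical placeholders.
USE master;
GO

-- Day-to-day DBA role used instead of sysadmin (user-defined server
-- roles require SQL Server 2012 or later).
CREATE SERVER ROLE [dba_operations];
GO

-- Routine administration: monitoring, metadata, database and
-- instance configuration. No CONTROL SERVER, no login management.
GRANT VIEW SERVER STATE       TO [dba_operations];
GRANT VIEW ANY DEFINITION     TO [dba_operations];
GRANT ALTER ANY DATABASE      TO [dba_operations];
GRANT ALTER SETTINGS          TO [dba_operations];
GRANT ALTER ANY EVENT SESSION TO [dba_operations];

-- Keep business data and identity switching out of the DBA role.
-- These permissions exist from SQL Server 2014 onward. DENY is not
-- evaluated for sysadmin members or for the owner of a database.
DENY SELECT ALL USER SECURABLES TO [dba_operations];
DENY IMPERSONATE ANY LOGIN      TO [dba_operations];
GO

-- Audit configuration is held by a different role, so the people who
-- administer the instance do not also control the audit trail.
CREATE SERVER ROLE [audit_admins];
GRANT ALTER ANY SERVER AUDIT TO [audit_admins];
GO

-- Membership goes to a Windows group login (placeholder; the login
-- must already exist on the instance).
ALTER SERVER ROLE [dba_operations] ADD MEMBER [CONTOSO\dba-team];
GO

-- Review: who still holds sysadmin membership?
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- Review: who has been granted CONTROL SERVER directly?
SELECT p.name AS grantee, sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'CONTROL SERVER' AND sp.state IN ('G', 'W');
```

The two review queries are worth scheduling, since any principal they return bypasses or can override the restrictions set on the custom roles.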
  • Hi Mohamed,

    Teige Gao has shared a nice guide for user management. In addition to that, you can have a look at the link below as well, to create groups in Active Directory to ease user management based on their roles.



    AKash Pawar

    Wednesday, January 24, 2018 5:56 AM
  • As it happens I just recently published a paper on exactly that topic that should give you some ideas on how to pursue SoD in SQL Server:

    Separation of Duties (SoD) and role-based security conception in SQL Server

    I also refer to several resources, some of which have been mentioned in this thread already.

    Feel free to comment.

    Good Luck


    Andreas Wolter (Blog | Twitter)
    MCSM: Microsoft Certified Solutions Master Data Platform/SQL Server 2012
    MCM SQL Server 2008
    MVP Data Platform MCSE Data Platform
    MCSM Charter Member, MCITP Charter Member etc.

    Tuesday, January 30, 2018 12:09 AM