locked
Help needed - Denying database permissions to users RRS feed

  • Question

  • Hi everyone,

    I have a problem and I can't seem to find solution for it. This issue might have been discussed on this forum before thou I couldn't find it.

    I am working on application that stores various data in SQL database. Now I got task to create a new user in SQL server and grant this user privileges to work with this database (change data, call stored procedures etc) while other users (including admins) should be denied these rights. I suppose this could be done by setting premissions on specific objects and operation, but this database is huge and this should be done on entire database all at once.

    I tried creating new login user, setting permissions for this user but admins are still able to opet and modify my database and moreover if I add new user to server he too would be able to change my database.

    So basically, I want to set security so that only one user is able to work with my database.

    Is this possible (denying admins to opet my database) and if so could you please tell me how to set this?

    Thanks,
    Miroslav
    Tuesday, October 7, 2008 2:37 PM

Answers

  •  

    You can't deny any rights to users having admin previledge.
    Tuesday, October 7, 2008 4:13 PM
  • Members of the sysadmin fixed-server role will have rights to do anything in SQL Server. To control access to privileged users you would need to use a third party application like Guardium which monitors and applies policies to all connections, regardless of the security context.

     

    Here is a link. http://www.guardium.com/index.php/t3/15/

     

    Tuesday, October 7, 2008 4:48 PM

All replies

  •  

    You can't deny any rights to users having admin previledge.
    Tuesday, October 7, 2008 4:13 PM
  • Members of the sysadmin fixed-server role will have rights to do anything in SQL Server. To control access to privileged users you would need to use a third party application like Guardium which monitors and applies policies to all connections, regardless of the security context.

     

    Here is a link. http://www.guardium.com/index.php/t3/15/

     

    Tuesday, October 7, 2008 4:48 PM
  • I think buying Guardium would be too expensive at this moment, I'll try to solve this problem using some alternative ways.

    Thank you for your answer!
    Wednesday, October 8, 2008 1:50 PM