I have thought about this from time to time. I imagine the implementation would not be much different in principle than a honeypot.
Give them an account and password that is routed to a honeypot. They get what they think is legit documentation, and this gives you time to track the breach and act upon that breach.
How frequently would this be needed - probably rare at the most frequent.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events