November 20, 2017 at 1:43 am
Hi all
Has anyone implemented an RBAC model ti restrict Junior DBAs access to view data while at the same time allowing them to perform administration tasks? I suppose my first question is what kinds of tasks could they do without being able to view data. I understand encryption would be the ideal scenario here, but at present that is not possible.Some of the things I have thought of that they could do with the appropriate controls in place would be:
Performance tuning using DMVs, profier etc - what I am unclear of however is if this give them access to view data
High level troubleshooting - viewing error logs etc
Writing reports for compliance purposes.
Any and all comments welcome.
Thanks
November 20, 2017 at 6:36 am
I don't know about the RBAC, but, if someone can view the DMVs, they can see parameter values passed for queries that are ad hoc. That can be a violation of certain types of security.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply