Contractor Access to Company Databases
Posted Thursday, December 21, 2006 12:28 AM
SSC Rookie

 Hi there

I need to get some feedback about DBA Contractor access to our company databases.  I am a DBA and from time to time we get DBA contractors in to perform development work on specific systems.  The group that they currently get added to gives them access to all systems in the company (we have a lot of systems from payroll to customers etc).  I might add that our company is a well known financial institution in our country.

How are other DBAs treating contractors in their company?  I have no problem giving them the access they need to perform the task that they are contracted to do, but should they get full access?

How does this fit in with Sarbanes Oxley?

Your feedback would be much appreciated.

Thank you




Post #332039
Posted Thursday, December 21, 2006 5:06 AM
SSCrazy


As an independent DBA I encounter this often. If I'm to perform DBA tasks on prod systems then I need the access to do the task. I know SOX prefer it that you log on as an account under your own name, so there's some sort of audit trail, and they prefer that you are not a sysadmin - but it's not possible to have a system without sysadmins - I usually connect with integrated security through a DBA group - seemed fine for them.

Don't know if this helps at all?



The GrumpyOldDBA
www.grumpyolddba.co.uk
http://sqlblogcasts.com/blogs/grumpyolddba/
Post #332111
Posted Friday, December 22, 2006 3:44 AM
Valued Member

Are you asking for a prescribed way of limiting access? If so, there are many ways to achieve this but my favourite first step is, as Colin quite rightly states, to give the contractor a specific domain login with minimal privileges.

It should then be a simple matter to add that domain login to the specific SQL Server instance and assign server roles (sysadmin etc.) or database specific privileges (db owner, datareader etc.).

This scheme gives you the best chance at a meaningful audit trail and, even better, the domain account can be set up to expire at a predetermined date thus ensuring the access lasts no longer than it should.



Malcolm
DB Ghost - Build, compare and synchronize from source control = Database Change Management for SQL Server
www.dbghost.com
Post #332455
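
The scheme described in the post above, written out as T-SQL. This is an added example, not code from any poster in the thread; the names CORP\ctr_jsmith, ProjectDB and contractor_dev are hypothetical, and the ALTER ROLE ... ADD MEMBER syntax assumes SQL Server 2012 or later (older versions use sp_addrolemember).

```sql
-- Hypothetical names throughout: CORP\ctr_jsmith is the contractor's own
-- domain account, ProjectDB is the single database the contract covers.
-- The expiry date is set on the domain account in Active Directory,
-- not in SQL Server.

USE master;
-- Named Windows login: every action is attributable to one person.
-- No server role is granted here, so the login is not a sysadmin.
CREATE LOGIN [CORP\ctr_jsmith] FROM WINDOWS
    WITH DEFAULT_DATABASE = ProjectDB;

USE ProjectDB;
CREATE USER [CORP\ctr_jsmith] FOR LOGIN [CORP\ctr_jsmith];

-- Grant through a role so the permission set can be reviewed and
-- reused for the next contractor instead of being granted ad hoc.
CREATE ROLE contractor_dev;
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE
    ON SCHEMA::dbo TO contractor_dev;
ALTER ROLE contractor_dev ADD MEMBER [CORP\ctr_jsmith];

-- Review 1: list every member of sysadmin. A broad "DBA" group
-- appearing here means everyone in that group has full access.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r
    ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m
    ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- Review 2: list the databases the contractor can actually open.
-- Expect ProjectDB plus the system databases reachable through guest;
-- payroll or customer databases in this list indicate excess access
-- inherited from a group or an enabled guest user.
EXECUTE AS LOGIN = N'CORP\ctr_jsmith';
SELECT name FROM sys.databases WHERE HAS_DBACCESS(name) = 1;
REVERT;

-- At the end of the contract:
--   USE ProjectDB; DROP USER [CORP\ctr_jsmith];
--   USE master;    DROP LOGIN [CORP\ctr_jsmith];
```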
Posted Friday, December 22, 2006 8:58 AM
SSC-Enthusiastic

I agree: give them only the access they need, with the least amount of privileges needed to do what they were contracted for.


Post #332531