October 3, 2006 at 4:26 am
Hi there,
I'm checking a databaseserver and notice a databaserole, which has a login with SA-rights. In this databaserole a specific table is set to 'deny insert'.
Is this effective for the serverrole SA? It never occurred to me you could deny SA's access to data.
TIA.
Greetz,
Hans Brouwer
October 5, 2006 at 12:05 pm
I'm confused. If you are equating "SA-rights" as a Login that has been given the server role System Adminstrator (SysAdmin), this can only be given to Logins (individual or NT group). A user with a SysAdmin role can not be restricted in any way, no matter what other roles you may try to assign them to.
There normally is a login of "sa" that has been given the server role of SysAdmin. You can remove sa from the SysAdmin role, but you have to have at least one login with that role or you cannot administer Sql-Server (you can also "break" some processes that depend on sa being SysAdmin).
If "SA-rights" means adding a User to the db_owner role of a database, I'm not sure if adding them to another role that denied them access would restrict the user or not.
Steve B.
October 9, 2006 at 5:02 am
Tnx for answering, SBlock. I was confused too. I have checked this, adding DENY-permissions to a user with SA rights, but I noticed no restrictions. Probably someone had played around a bit, or was not very knowledgable about things...
Greetz,
Hans Brouwer
Viewing 3 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply