June 18, 2003 at 7:31 am
Hello-
I'm more of a programmer and SQL guy than a DBA. I'm the dbo of our production and development servers and have full reign with no thought for additional security needs.
But - soon I may be working with other developers who will need to create SProcs, tables, and the like. However, I have sensitive data - like commission dollars, which I do not want the developers to see on the DEV or Production box.
Can someone give me a basic overview for handling this type of situaion - I'm sure it's quite common.
Should I set up a "Developer" role in the database and give the role create table and SP permissions but deny access to the Commission table? Do I then have to explicitly give access to all other tables since "public" by defult does NOT have access to anything.
BTW - I control access to the database by users based on permission to the stored procedures. ALL(100%) of the user access to the DB is via SProcs - no dynamic SQL here - so security for the "Users" is straightforward. Howver with developers, it's another story.
Any help at all is appreciated.... B
June 18, 2003 at 7:41 am
Hi BillyWilly,
quote:
Can someone give me a basic overview for handling this type of situaion - I'm sure it's quite common.
first thing that comes in mind, is make sure, the developers aren't members of any local or domain admin NT group. They have admin rights via BUILTIN\Administrators (unless you've deleted this one). in this case you can control them better by only granting dbo, not sysadmin privileges.
That was my major pitfall!
You might take a look at this thread http://www.sqlservercentral.com/forum/topic.asp?TOPIC_ID=12219&FORUM_ID=6&CAT_ID=1&Topic_Title=Enterprise+Manager+Security&Forum_Title=Security
Cheers,
Frank
--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply