Home Forums SQL Server 2005 SQL Server 2005 Security Restrinct for insert update and delete from a specific table RE: Restrinct for insert update and delete from a specific table

  • July 25, 2013 at 2:05 pm

    #1635913

    Eric M Russell (7/25/2013)

    Sean Lange (7/25/2013)

    Sounds like you guys have kind of painted yourselves into a corner. There is a way to do this but it is not exactly best practice. Basically what you are trying to do is make a table readonly unless the current is xxx.

    You could create instead of triggers on this one table and check SUSER_NAME(). If it is not the user that can modify the table you could either raise an error or simply exit.

    Yeah, recently someone have a presentation at our local mssql user group meeting on how he uses logon triggers, etc. in an attempt to block accounts with sysadmin membershop from harming his production database. It seems to be a daily struggle, and he obviously put a lot of thought and effort into it. The sad thing about it is that one of these rogue sysadmins can simply drop the trigger, if they were intent on doing some damage.

    Really, if the DBA would just drop the accounts from sysadmin role, and add them as db_datareader / db_datawriter, that would cover anything that an application account would need to do. It's not as if a user will call up help desk and complain because they can't change the MAXDOP setting or truncate the transaction log. Even if they did, then that's obviously something that the DBA would want routed through his department anyhow.

    Agreed. It sounds like security has really gotten away from there here. It is not a difficult thing to manage if you have a plan. Giving sysadmin to applications is definitely not the best approach. It is really difficult to back track in these cases and reel everything back in. It is always met with backlash and complaining. The other side of that is what this person is facing, everybody has full access to everything and now we need to prevent it for some users in some situations. :w00t:

    _______________________________________________________________

    Need help? Help us help you.

    Read the article at http://www.sqlservercentral.com/articles/Best+Practices/61537/ for best practices on asking questions.

    Need to split a string? Try Jeff Modens splitter http://www.sqlservercentral.com/articles/Tally+Table/72993/.

    Cross Tabs and Pivots, Part 1 – Converting Rows to Columns - http://www.sqlservercentral.com/articles/T-SQL/63681/
    Cross Tabs and Pivots, Part 2 - Dynamic Cross Tabs - http://www.sqlservercentral.com/articles/Crosstab/65048/
    Understanding and Using APPLY (Part 1) - http://www.sqlservercentral.com/articles/APPLY/69953/
    Understanding and Using APPLY (Part 2) - http://www.sqlservercentral.com/articles/APPLY/69954/