SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to deny restore database in sql server to SA?


How to deny restore database in sql server to SA?

Author
Message
das.saroj09
das.saroj09
Grasshopper
Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)

Group: General Forum Members
Points: 16 Visits: 261
Hi need a help ?

Mistakenly restored the prod database instance instead of development and i am having full privelage(sysadmin) on the server. can we have any procedure/trigger/server level permission to restrict this kind of situation to happen again in production. So when ever they required to do a refresh to prod we will grant/alter the permission to do.
GilaMonster
GilaMonster
SSC Guru
SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)

Group: General Forum Members
Points: 88835 Visits: 45284
You cannot deny anything to a sysadmin.

You could try a DDL trigger on CREATE DATABASE, but the problem with those is they are AFTER triggers and I'm not sure if they work for RESTORE database as well as CREATE. I suspect not because it can't be rolled back.

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


das.saroj09
das.saroj09
Grasshopper
Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)

Group: General Forum Members
Points: 16 Visits: 261
by any way we can kill the command if it get fired to a production server.
we will not deny restore database, but can we kill the restore before database go to restoring state.
GilaMonster
GilaMonster
SSC Guru
SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)SSC Guru (88K reputation)

Group: General Forum Members
Points: 88835 Visits: 45284
No, because as soon as the restore has started the files it's using get written over. You can kill it at any point, but the database being restored over will already be gone at that time and you'd need to restart a restore to get the DB back

Maybe take away his sysadmin permissions, limit to other permissions to do what he needs and stress the importance of being really, really careful. Or make the normal login that the guys use a non-sysadmin so that they have to change login to do anything sensitive

Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


das.saroj09
das.saroj09
Grasshopper
Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)Grasshopper (16 reputation)

Group: General Forum Members
Points: 16 Visits: 261
any other way or any one else can put your suggestions for the same.......

Thnaks for the reply Gila.
Brandie Tarvin
Brandie Tarvin
SSChampion
SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)SSChampion (14K reputation)

Group: General Forum Members
Points: 14856 Visits: 9006
You cannot prevent yourself from restoring a production database at any point in the future by any other method then double-checking your work before you hit the button.

Sysadmin will ALWAYS be able to restore. If you don't want that ability, take away Sysadmin and give yourself other server roles except for the Backup role.

Think of it this way. To SQL Server, a sysadmin is God. Therefore there is nothing you can do to prevent God from doing whatever (s)he likes.

You should be proud of yourself. You have just taught yourself a valuable lesson that will stay with you the rest of your career. If I understand the situation correctly, you only had to teach it to yourself once. Some people make the same mistakes over and over again without learning from them.

Brandie Tarvin, MCITP Database AdministratorLiveJournal Blog: http://brandietarvin.livejournal.com/On LinkedIn!, Google+, and Twitter.Freelance Writer: ShadowrunLatchkeys: Nevermore, Latchkeys: The Bootleg War, and Latchkeys: Roscoes in the Night are now available on Nook and Kindle.
patrickmcginnis59 10839
patrickmcginnis59 10839
SSCommitted
SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)SSCommitted (1.8K reputation)

Group: General Forum Members
Points: 1796 Visits: 5527
I periodically have to restore to test instances and while its certainly not foolproof, the first time I do this, I script all the restore and update T-SQL out into a text file and paste into SSMS from there. This way, I have a reference and only had to type it in correctly once. Plus, psychologically, it just seems to be reassuring to me.

I also really really like the idea as mentioned of having separate logins and this used to be the norm for the sort of work I used to do, but nowaday's getting Windows administrators to even consider this seems to be a lost cause, and from what I've read, many SQL Server folks are probably of the same mindset.

to properly post on a forum:
http://www.sqlservercentral.com/articles/61537/
Jeff Moden
Jeff Moden
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: General Forum Members
Points: 87896 Visits: 41125
das.saroj09 (8/28/2013)
Hi need a help ?

Mistakenly restored the prod database instance instead of development and i am having full privelage(sysadmin) on the server. can we have any procedure/trigger/server level permission to restrict this kind of situation to happen again in production. So when ever they required to do a refresh to prod we will grant/alter the permission to do.


This is a way to help avoid this... and failed security audits. The backups for Dev and the backups for Prod should be on separate secure shares and the Dev SQLServer login should NOT have the privs to see the Prod backups directly and vice versa.

--Jeff Moden

RBAR is pronounced ree-bar and is a Modenism for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column.
If you think its expensive to hire a professional to do the job, wait until you hire an amateur. -- Red Adair

Helpful Links:
How to post code problems
How to post performance problems
Forum FAQs
K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (10K reputation)

Group: Moderators
Points: 10528 Visits: 1917
I believe you can put in a server level trigger, but this should not be relied upon.

By the way, situations like this is one reason some folks put development in a separate AD domain and ensure that the development credentials don't have access to production, just as Jeff said. If they are in a separate forest and production does not trust development and there is no forest-level trust, you ensure that if you are using your development account there is NO way of crossing that barrier.

K. Brian Kelley
@‌kbriankelley
Steve Jones
Steve Jones
SSC Guru
SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)SSC Guru (63K reputation)

Group: Administrators
Points: 63979 Visits: 19117
One more vote for separate access and accounts in dev and production. It won't prevent it, but it can stop lots of silly mistakes.

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search