Need a trigger to stop a restore with replace

  • lmacdonald

    Hall of Fame

    Points: 3763

    I have created a trigger to stop someone from dropping or creating a new database that works fine. However, recently I restored over a database that was replicated. I have now been asked if I can create a trigger that will block restoring over an existing database. I thought my trigger would stop these things but after testing I can still restore over existing databases without conflicting with the trigger. I know that restore_database clause is not an option when creating the trigger, so I am wondering if any other users have a found a way to do this? As you can see this one is for a specific user, I will figure out how to specify a specific next.

    Thanks for any help. This is what I have so far.

    /****** Object: DdlTrigger [ddl_StopDoingThat] Script Date: 06/09/2014 09:38:21 ******/

    SET ANSI_NULLS ON

    GO

    SET QUOTED_IDENTIFIER ON

    GO

    ALTER TRIGGER [ddl_StopDoingThat]

    ON ALL SERVER

    FOR CREATE_DATABASE, DROP_DATABASE

    AS

    IF SUSER_SNAME() = 'domain\user'

    BEGIN

    PRINT 'You must disable Trigger "StopDoingThat" to create databases!'

    ROLLBACK

    END

    GO

    SET ANSI_NULLS OFF

    GO

    SET QUOTED_IDENTIFIER OFF

    GO

  • Luis Cazares

    SSC Guru

    Points: 183580

    I'm not sure if you can do that, but why don't you remove the permissions to restore backups on the database for that user?

    Luis C.
    General Disclaimer:
    Are you seriously taking the advice and code from someone from the internet without testing it? Do you at least understand it? Or can it easily kill your server?

    How to post data/code on a forum to get the best help: Option 1 / Option 2
  • Gail Shaw

    SSC Guru

    Points: 1004446

    Not possible, because DDL triggers are AFTER triggers. They fire after the action has completed. Any trigger which fired after a restore database had run would not be able to undo the restore, you can't roll back a restore.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • John Mitchell-245523

    SSC Guru

    Points: 148434

    Don't bother with the trigger. Grant the user CREATE ANY DATABASE, but make sure he/she/it is not (a) the owner of any database you don't want overwritten, (b) a member of sysadmin and (c) a member of dbcreator.

    John

  • lmacdonald

    Hall of Fame

    Points: 3763

    Thanks for the quick answers.

    If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?

  • John Mitchell-245523

    SSC Guru

    Points: 148434

    Because you can roll back a DROP DATABASE, but not a RESTORE.

    John

  • lmacdonald

    Hall of Fame

    Points: 3763

    Changing permissions is the best way to handle this I agree, but a surprisingly slow battle. A large chunk of people run with SysAdmin even though only DBA's should have this privilege.

  • lmacdonald

    Hall of Fame

    Points: 3763

    If it's not possible then I guess I'll stop trying to find a way and let the requester know. Thanks, this was quick 🙂

  • Gail Shaw

    SSC Guru

    Points: 1004446

    lmacdonald (6/9/2014)


    If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?

    Because you can run a drop database within a transaction, the 'results' (the files being deleted) does not happen unless the transaction is committed, if you roll back the transaction the files are never dropped.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
  • Hany Helmy

    SSChampion

    Points: 13435

    Hi,

  • Hany Helmy

    SSChampion

    Points: 13435

    I have the same problem (almost), but it`s not about permission, I need to stop everyone from doing a restore operation in production server (business requirement after an accidental restore), now here is the catch:

    The restore_database clause is not an option if we go for trigger, then how to accomplish this? Any help will be highly appreciated.

    Thx

  • John Mitchell-245523

    SSC Guru

    Points: 148434

    As has been said above, you can't stop people from doing this if they have the necessary permissions.  Restrict who has SSMS installed on their desktop.  Make sure all databases have a connection to them so that you can't accidentally overwrite a database.  Back up your databases with sufficient regularity that you can recover from such unfortunate events.

    John

  • Hany Helmy

    SSChampion

    Points: 13435

    @john-2 Mitchell, Thanks for the reply! The accidental restore was done by a 3rd party powerful tool not SSMS, even worse the REPLACE & drop current connections options were chosen in that tool. The frequent backup intervals that saved the database later.

    Actually so far I can see my only option here is to use a different account for restores with no one has it`s password except with only one person in-charge, see below link: https://dba.stackexchange.com/questions/53995/prevent-sysadmin-from-doing-a-database-restore

    BR,

    Hany

  • Hany Helmy

    SSChampion

    Points: 13435

    db_backupoperator

    Members of the db_backupoperator fixed database role can back up the database.

    I guess that would be enough privilege to perform the backup but CANNOT DO RESTORES!

Viewing 14 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic. Login to reply