Need a trigger to stop a restore with replace
-
I have created a trigger to stop someone from dropping or creating a new database that works fine. However, recently I restored over a database that was replicated. I have now been asked if I can create a trigger that will block restoring over an existing database. I thought my trigger would stop these things but after testing I can still restore over existing databases without conflicting with the trigger. I know that restore_database clause is not an option when creating the trigger, so I am wondering if any other users have a found a way to do this? As you can see this one is for a specific user, I will figure out how to specify a specific next.
Thanks for any help. This is what I have so far.
/****** Object: DdlTrigger [ddl_StopDoingThat] Script Date: 06/09/2014 09:38:21 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [ddl_StopDoingThat]
ON ALL SERVER
FOR CREATE_DATABASE, DROP_DATABASE
AS
IF SUSER_SNAME() = 'domain\user'
BEGIN
PRINT 'You must disable Trigger "StopDoingThat" to create databases!'
ROLLBACK
END
GO
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
-
I'm not sure if you can do that, but why don't you remove the permissions to restore backups on the database for that user?
-
Not possible, because DDL triggers are AFTER triggers. They fire after the action has completed. Any trigger which fired after a restore database had run would not be able to undo the restore, you can't roll back a restore.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverabilityWe walk in the dark places no others will enter
We stand on the bridge and no one may pass -
Don't bother with the trigger. Grant the user CREATE ANY DATABASE, but make sure he/she/it is not (a) the owner of any database you don't want overwritten, (b) a member of sysadmin and (c) a member of dbcreator.
John
-
Thanks for the quick answers.
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?
-
Because you can roll back a DROP DATABASE, but not a RESTORE.
John
-
Changing permissions is the best way to handle this I agree, but a surprisingly slow battle. A large chunk of people run with SysAdmin even though only DBA's should have this privilege.
-
If it's not possible then I guess I'll stop trying to find a way and let the requester know. Thanks, this was quick
-
lmacdonald (6/9/2014)
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?Because you can run a drop database within a transaction, the 'results' (the files being deleted) does not happen unless the transaction is committed, if you roll back the transaction the files are never dropped.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverabilityWe walk in the dark places no others will enter
We stand on the bridge and no one may pass -
Hi,
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant -
I have the same problem (almost), but it`s not about permission, I need to stop everyone from doing a restore operation in production server (business requirement after an accidental restore), now here is the catch:
The restore_database clause is not an option if we go for trigger, then how to accomplish this? Any help will be highly appreciated.
Thx
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant -
As has been said above, you can't stop people from doing this if they have the necessary permissions. Restrict who has SSMS installed on their desktop. Make sure all databases have a connection to them so that you can't accidentally overwrite a database. Back up your databases with sufficient regularity that you can recover from such unfortunate events.
John
-
@john-2 Mitchell, Thanks for the reply! The accidental restore was done by a 3rd party powerful tool not SSMS, even worse the REPLACE & drop current connections options were chosen in that tool. The frequent backup intervals that saved the database later.
Actually so far I can see my only option here is to use a different account for restores with no one has it`s password except with only one person in-charge, see below link: https://dba.stackexchange.com/questions/53995/prevent-sysadmin-from-doing-a-database-restore
BR,
Hany
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant -
db_backupoperator
Members of the db_backupoperator fixed database role can back up the database.
I guess that would be enough privilege to perform the backup but CANNOT DO RESTORES!
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
Viewing 14 posts - 1 through 14 (of 14 total)
You must be logged in to reply to this topic. Login to reply