June 9, 2014 at 8:11 am
I have created a trigger to stop someone from dropping or creating a new database that works fine. However, recently I restored over a database that was replicated. I have now been asked if I can create a trigger that will block restoring over an existing database. I thought my trigger would stop these things but after testing I can still restore over existing databases without conflicting with the trigger. I know that restore_database clause is not an option when creating the trigger, so I am wondering if any other users have a found a way to do this? As you can see this one is for a specific user, I will figure out how to specify a specific next.
Thanks for any help. This is what I have so far.
/****** Object: DdlTrigger [ddl_StopDoingThat] Script Date: 06/09/2014 09:38:21 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER TRIGGER [ddl_StopDoingThat]
ON ALL SERVER
FOR CREATE_DATABASE, DROP_DATABASE
AS
IF SUSER_SNAME() = 'domain\user'
BEGIN
PRINT 'You must disable Trigger "StopDoingThat" to create databases!'
ROLLBACK
END
GO
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
June 9, 2014 at 8:19 am
I'm not sure if you can do that, but why don't you remove the permissions to restore backups on the database for that user?
June 9, 2014 at 8:19 am
Not possible, because DDL triggers are AFTER triggers. They fire after the action has completed. Any trigger which fired after a restore database had run would not be able to undo the restore, you can't roll back a restore.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
June 9, 2014 at 8:32 am
Don't bother with the trigger. Grant the user CREATE ANY DATABASE, but make sure he/she/it is not (a) the owner of any database you don't want overwritten, (b) a member of sysadmin and (c) a member of dbcreator.
John
June 9, 2014 at 8:41 am
Thanks for the quick answers.
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?
June 9, 2014 at 8:43 am
Because you can roll back a DROP DATABASE, but not a RESTORE.
John
June 9, 2014 at 8:44 am
Changing permissions is the best way to handle this I agree, but a surprisingly slow battle. A large chunk of people run with SysAdmin even though only DBA's should have this privilege.
June 9, 2014 at 8:46 am
If it's not possible then I guess I'll stop trying to find a way and let the requester know. Thanks, this was quick
June 9, 2014 at 9:11 am
lmacdonald (6/9/2014)
If DDL triggers run after, why does the trigger I have that prevents someone from dropping a database work?
Because you can run a drop database within a transaction, the 'results' (the files being deleted) does not happen unless the transaction is committed, if you roll back the transaction the files are never dropped.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
November 26, 2019 at 8:24 am
Hi,
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 8:28 am
I have the same problem (almost), but it`s not about permission, I need to stop everyone from doing a restore operation in production server (business requirement after an accidental restore), now here is the catch:
The restore_database clause is not an option if we go for trigger, then how to accomplish this? Any help will be highly appreciated.
Thx
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 9:19 am
As has been said above, you can't stop people from doing this if they have the necessary permissions. Restrict who has SSMS installed on their desktop. Make sure all databases have a connection to them so that you can't accidentally overwrite a database. Back up your databases with sufficient regularity that you can recover from such unfortunate events.
John
November 26, 2019 at 9:33 am
@john-2 Mitchell, Thanks for the reply! The accidental restore was done by a 3rd party powerful tool not SSMS, even worse the REPLACE & drop current connections options were chosen in that tool. The frequent backup intervals that saved the database later.
Actually so far I can see my only option here is to use a different account for restores with no one has it`s password except with only one person in-charge, see below link: https://dba.stackexchange.com/questions/53995/prevent-sysadmin-from-doing-a-database-restore
BR,
Hany
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
November 26, 2019 at 9:54 am
db_backupoperator
Members of the db_backupoperator fixed database role can back up the database.
I guess that would be enough privilege to perform the backup but CANNOT DO RESTORES!
Thanks & Best Regards,
Hany Helmy
SQL Server Database Consultant
Viewing 14 posts - 1 through 14 (of 14 total)
You must be logged in to reply to this topic. Login to reply
This website stores cookies on your computer.
These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media.
To find out more about the cookies we use, see our Privacy Policy