April 11, 2019 at 8:35 pm
I hope this is the right place top post this, apologies if not and please advise.
A request has been placed by an application provider which asks for the following:
1 Their application sql login is granted sa rights ( a definite no there)
2 Their application can enable CLR integration, any product update may or may not introduce further "features". As a minimum CLR is enabled and the account (or database) has rights (is_trusted) to CLR
3 Their account sets up broker services for the application to function.
My question is twofold; is it possible to allow a third party application to use CLR and broker service with minimal rights? and secondly if not possible what is the best argument to resist such a request?
This will be a potential SQL 2017 application deployment to an AO environment with multiple application databases present.
...
April 15, 2019 at 4:47 am
You may deploy a named instance of SQL Server on a virtual machine with only one (or how many they need) database required for the application.
Make sure the sysadmin account on that virtual machine cannot interact with any other resources on the network.
Define well controlled interfaces with appropriate permissions which would allow data exchange between the server and other resources which need to communicate with it.
_____________
Code for TallyGenerator
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply