view definition hide from SA user

Question

view definition hide from SA user

rachit.dba

Valued Member

Points: 62
More actions
February 28, 2022 at 7:58 am

#3990054

Can I hide view definition of others users's procedures from SA user. I want to hide business logic.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic. Login to reply

Ant-Green SSC Guru Points: 113564 More actions · Answer 1

You cannot hide anything from the SA user or a sysadmin.

You could obfuscate the definitions using the “with encryption” phrase but give any good DBA 2 seconds and they can break it easily.

This is where NDAs come into play I’m afraid or you host the database instead of the client.

frederico_fonseca SSCoach Points: 16251 More actions · Answer 2

and.... SA user should not be enabled at all!!!

and should not be used by ANY application either.

Steve Jones - SSC Editor SSC Guru Points: 738713 More actions · Answer 3

sa, or any sysadmin, can get to anything on the instance, except for encrypted data to which the key is not stored in SQL Server.

Jeff Moden SSC Guru Points: 1004644 More actions · Answer 4

rachit.dba wrote:

Can I hide view definition of others users's procedures from SA user. I want to hide business logic.

The only way to do this is to deliver you code on an "appliance" that no one at the company has any privs to anything except through stored procedures. Even then, someone can wire sniff your stuff. Is all of that worth it?

As the others have also said, no one and no application should be using the "SA" login itself. It must be disabled. Handing out sysadmin privs should be limited to only a very few select DBAs. Even supposed "power users" shouldn't have sysadmin privs and generally not DBO or other database "roles".

Trying to hide "business logic" is pretty much a waste of time and effort. There are decompilers available to the general public that will blow your mind.

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)

Steve Jones - SSC Editor SSC Guru Points: 738713 More actions · Answer 5

Jeff Moden wrote:

rachit.dba wrote:
Can I hide view definition of others users's procedures from SA user. I want to hide business logic.
..
Trying to hide "business logic" is pretty much a waste of time and effort. There are decompilers available to the general public that will blow your mind.

I'll only disagree with the "pretty much". Once someone else has control of the server, they can see anything. The various methods to hide code in SQL Server are trivial. You have slightly better luck with compiled application code, but only because most people are too lazy to use a decompiler.

Bottom line, copyright/trademark and use a contract to protect your code. Not a technical solution.