How can I system admin let it be me, but another users and admins must be cannot access my database.
My database located on customer server. I deleted all sql users, there's only sa user. This persons don't know my sa password. But this persons created sa similar users, and can access my database. I want block this users to my db.
Sql-server – How to make only *one* user controlled database
sql serversql-server-2008
Related Question
- Sql-server – How to we restrict content by user role in Tableau dashboard without using Cross Join
- Sql-server – Granting a SQL Server database only user execute on xp_instance_regread fails
- Sql-server – Prevent a user from making changes to some columns in a MS SQL Server database
- Sql-server – How to handle removing ASP.NET users where their UserID is tied to rows that should be maintained even after a user is deleted
- Sql-server – SQL Server – How does contained database user password expiration work
- Sql-server – CREATE Windows User in database for not existing domain
- SQL Server – How to Test User Permissions
Best Answer
You can only really hope to log this and raise alerts. Users who can administer the hardware can always stop the service and bring a database up in single user mode etc. They can give themselves elevated permissions etc.
It's a common requirement to segregate administrative duties so that server admins cannot see confidential files or confidential data.
However, because every administrative role can typically elevate their rights or create other users, requiring users to use least privilege accounts for their daily work and auditing what is done with elevated accounts is really the only way to deal with it.