|
Home > Archive > MS SQL Server security > July 2005 > User rights and SOX
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
User rights and SOX
|
|
| jaylou 2005-07-21, 9:23 am |
| First question:
I have a user that is admin on the server to perform security patches and
general server maint. He is also a user in SQL. Since he is the Admin of
the box he has also inherited Admin rights to SQL. I want him to have only
" select,insert,update
and delete" rights to all tables but no other rights in
SQL.
Is this possible?
2nd question:
Has anyone out there needed to separate SQL functions for SOX? If so can
you please give me some ideas of how you separated SA and DBO functions?
SA(insert, update, delete)
DBO (create tables,give user rights etc..)
Thanks,
Joe
| |
| Mike Epprecht (SQL MVP) 2005-07-22, 3:23 am |
| 1. Remove the BUILTIN\administrato
rs group from SQL Server logins. The admins
then don't have any access. Then add the specific user with only the
permissions they need.
2. Don't use the SA account. Change it's password to something very
difficult and lock it away in a safe.
Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"jaylou" wrote:
> First question:
> I have a user that is admin on the server to perform security patches and
> general server maint. He is also a user in SQL. Since he is the Admin of
> the box he has also inherited Admin rights to SQL. I want him to have only
> " select,insert,update
and delete" rights to all tables but no other rights in
> SQL.
> Is this possible?
>
> 2nd question:
> Has anyone out there needed to separate SQL functions for SOX? If so can
> you please give me some ideas of how you separated SA and DBO functions?
> SA(insert, update, delete)
> DBO (create tables,give user rights etc..)
> Thanks,
> Joe
>
| |
| jaylou 2005-07-25, 7:26 am |
| Thank you!
Good Idea... I didnt know if I was able to do that.
Thanks again,
joe
"Mike Epprecht (SQL MVP)" wrote:
[color=darkred]
> 1. Remove the BUILTIN\administrato
rs group from SQL Server logins. The admins
> then don't have any access. Then add the specific user with only the
> permissions they need.
>
> 2. Don't use the SA account. Change it's password to something very
> difficult and lock it away in a safe.
>
> Regards
> --------------------------------
> Mike Epprecht, Microsoft SQL Server MVP
> Zurich, Switzerland
>
> MVP Program: http://www.microsoft.com/mvp
>
> Blog: http://www.msmvps.com/epprecht/
>
>
>
> "jaylou" wrote:
>
|
|
|
|
|