SQL Server DBA:Everything | DBA Scripts | Powershell Scripts | DBA checklists | SQL Antipattern | Wait Stats | Contact
Search sqlserver-dba.com
Follow sqlserver-dba.com
SQLServer-DBA.com Links
Recent Posts
- How to get SQL port number using xp_readererrorlog
- Astronauts are taught this six-stage decision making process
- Connection failed - SQL Server Error 772 - TCPIP Socket
- TLS , SQL Server and powershell cmdlet - Get-TLSCipherSuite
- Msg 9772, Level 16, State 1 - The Service Broker in database "xxxx" cannot be enabled because there is already an enabled Service Broker with the same ID.
- Query VMWare vCenter VCDB database for guest power state = OFF
- How to find the local tcp port used on SQL Server
- SQL Server database roles and GDPR
- Checking compatibility for a SQL Server database migration to Azure with sqlpackage.exe
- How to enable MSDTC XA transactions with Powershell
02 January,2014 by Jack Vamvas
A SQL Server database comes with a range of fixed roles beyond read and write.
db_owner
db_accessAdmin
db_securityadmin
db_ddladmin
Assigning a database user with these permissions requires strict controls. Very often a user can accidentally drop an object, rename an object or change other users permissions and restricting their access to data.
What controls do you have in place to audit these permissions? It is not unusual for a user to request temporary elevated access to a database , for example , to change the definition of code or for an installation.
A common approach is to create a regular audit – which monitors and reports on elevated permissions. The DBA can work with the database owner to outline the risks as part of a regular database risk assessment and to create steps for changing the permission. I am happy when I see database users at the db_reader and db_writer permission level
Ultimately it is the DBAs responsibility to ensure the security policy is in place and a process exists to check against the policy..
Read More on database risk and security audit
Decrease database risks with minimal spend
SQL Server - Security Risk Analysis and database security
How to create a SQL Server Security Audit
Author: Jack Vamvas (http://www.sqlserver-dba.com)
Share:
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |