[thelist] SQL Server security question

Paul Cowan paul at wishlist.com.au
Mon Apr 15 19:39:01 CDT 2002


Scott Dexter wrote:
> Is there a way to lock down a database on SQL Server (7 or 2000 for
> discussion) such that even the 'sa' login can be prevented access?

Fundamentally, no. I assume the problem here is that they want access to
their private database on a shared server, but do not want you (the hoster)
to be able to access it...? Or something similar, anyway.

However, even if you could block off SA from access to the database (and I'm
not sure that that's possible without crippling the SA account), then the SA
could always create a new login and assign itself permissions, as is SA's
right.

Theoretically, I guess, the SA user might be able to rescind SA privileges
somehow, but then you would have no way of administering the box: and if
it's a shared box, that = disaster. If it's their box, and they're just
paranoid, then it will come back to bite you on the ass because they will
come to you and whinge when they lock themselves out, trust me.

I suggest you pull out the clue-by-four...

Cheers,

Paul.



More information about the thelist mailing list