|
|
You're in the
sql server connect
group:sql database security
sql server connect:
This is the first time I use SQL server for my application.
I need to set up 2 databases in the same server. 1. The first database need to be "hidden" hence no one else even SA should not be able to see the database except for my application. 2. The second database can be seen by SA Is this possible on SQL Server? Pls enlighten me as I have been trying various setting but in vain! Min ps: I think this can be done easily using sybase ASA. I just simply set the username and password.
You cannot lock the sa (or any user in the sysadmin server role) out of
seeing a database by any method other than putting it on a different server. -- Kevin Hill President 3NF Consulting www.3nf-inc.com/NewsGroups.htm www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. www.experts-exchange.com - experts compete for points to answer your questions [quoted text, click to view] "Min" <limsohmin@hotmail.com> wrote in message news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... > This is the first time I use SQL server for my application. > I need to set up 2 databases in the same server. > > 1. The first database need to be "hidden" hence no one else even SA should > not be able to see the database except for my application. > > 2. The second database can be seen by SA > > Is this possible on SQL Server? > > Pls enlighten me as I have been trying various setting but in vain! > Min > ps: I think this can be done easily using sybase ASA. I just simply set > the > username and password. >
Thanks for the information.
1. Putting it on a different "server" means putting the database on a different pc? That doesn't solve my problem since the sa of that pc still can access the database, right? 2. Is there any other solution to ONLY allow my application to open the database and not any other personnel? Do I have to revert to sybase in this case? Min [quoted text, click to view] "Kevin3NF" wrote:
> You cannot lock the sa (or any user in the sysadmin server role) out of > seeing a database by any method other than putting it on a different server. > > -- > Kevin Hill > President > 3NF Consulting > > www.3nf-inc.com/NewsGroups.htm > > www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > > www.experts-exchange.com - experts compete for points to answer your > questions > > > "Min" <limsohmin@hotmail.com> wrote in message > news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... > > This is the first time I use SQL server for my application. > > I need to set up 2 databases in the same server. > > > > 1. The first database need to be "hidden" hence no one else even SA should > > not be able to see the database except for my application. > > > > 2. The second database can be seen by SA > > > > Is this possible on SQL Server? > > > > Pls enlighten me as I have been trying various setting but in vain! > > Min > > ps: I think this can be done easily using sybase ASA. I just simply set > > the > > username and password. > > > >
Someone else may step in, but I am not aware of any way to lock sa out of a
database. SA is part of the sysadmin server role and cannot be removed. The sysadmin server role had rights to do anything in the installation and cannot be changed to the best of my knowledge. Yes, I was referring to having a different server, either on a different box or on a different instance on the same box -- Kevin Hill President 3NF Consulting www.3nf-inc.com/NewsGroups.htm www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. www.experts-exchange.com - experts compete for points to answer your questions [quoted text, click to view] "Min" <limsohmin@hotmail.com> wrote in message news:668942E3-7E14-4E20-99DA-A00FF9C4C607@microsoft.com... > Thanks for the information. > 1. Putting it on a different "server" means putting the database on a > different pc? > That doesn't solve my problem since the sa of that pc still can access the > database, right? > > 2. Is there any other solution to ONLY allow my application to open the > database and not any other personnel? Do I have to revert to sybase in > this > case? > > Min > > > "Kevin3NF" wrote: > >> You cannot lock the sa (or any user in the sysadmin server role) out of >> seeing a database by any method other than putting it on a different >> server. >> >> -- >> Kevin Hill >> President >> 3NF Consulting >> >> www.3nf-inc.com/NewsGroups.htm >> >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. >> >> www.experts-exchange.com - experts compete for points to answer your >> questions >> >> >> "Min" <limsohmin@hotmail.com> wrote in message >> news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... >> > This is the first time I use SQL server for my application. >> > I need to set up 2 databases in the same server. >> > >> > 1. The first database need to be "hidden" hence no one else even SA >> > should >> > not be able to see the database except for my application. >> > >> > 2. The second database can be seen by SA >> > >> > Is this possible on SQL Server? >> > >> > Pls enlighten me as I have been trying various setting but in vain! >> > Min >> > ps: I think this can be done easily using sybase ASA. I just simply set >> > the >> > username and password. >> > >> >> >>
Why would the someone that is not in the SA role try to block access to a
database. This sounds like you are trying to get around the IT department and you don't have the proper permissions. That is exactly why you can't do that in SQL Server. -- bahados [quoted text, click to view] "Kevin3NF" wrote:
> Someone else may step in, but I am not aware of any way to lock sa out of a > database. SA is part of the sysadmin server role and cannot be removed. > The sysadmin server role had rights to do anything in the installation and > cannot be changed to the best of my knowledge. > > Yes, I was referring to having a different server, either on a different box > or on a different instance on the same box > > -- > Kevin Hill > President > 3NF Consulting > > www.3nf-inc.com/NewsGroups.htm > > www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > > www.experts-exchange.com - experts compete for points to answer your > questions > > > "Min" <limsohmin@hotmail.com> wrote in message > news:668942E3-7E14-4E20-99DA-A00FF9C4C607@microsoft.com... > > Thanks for the information. > > 1. Putting it on a different "server" means putting the database on a > > different pc? > > That doesn't solve my problem since the sa of that pc still can access the > > database, right? > > > > 2. Is there any other solution to ONLY allow my application to open the > > database and not any other personnel? Do I have to revert to sybase in > > this > > case? > > > > Min > > > > > > "Kevin3NF" wrote: > > > >> You cannot lock the sa (or any user in the sysadmin server role) out of > >> seeing a database by any method other than putting it on a different > >> server. > >> > >> -- > >> Kevin Hill > >> President > >> 3NF Consulting > >> > >> www.3nf-inc.com/NewsGroups.htm > >> > >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > >> > >> www.experts-exchange.com - experts compete for points to answer your > >> questions > >> > >> > >> "Min" <limsohmin@hotmail.com> wrote in message > >> news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... > >> > This is the first time I use SQL server for my application. > >> > I need to set up 2 databases in the same server. > >> > > >> > 1. The first database need to be "hidden" hence no one else even SA > >> > should > >> > not be able to see the database except for my application. > >> > > >> > 2. The second database can be seen by SA > >> > > >> > Is this possible on SQL Server? > >> > > >> > Pls enlighten me as I have been trying various setting but in vain! > >> > Min > >> > ps: I think this can be done easily using sybase ASA. I just simply set > >> > the > >> > username and password. > >> > > >> > >> > >> > >
I wanted a database that is hidden such that ONLY my application can access
by supplying an ID and password. No one else can access it unless he has my ID and password. WHAT ABOUT EMBEDDED SQL? I just read about embedded sql. It seemed that this will allow application to be installed in end-users' environment together with database without any system administrator. Is this true? And under Login Security Options: It says: "Standard Security" is SQL server's default login security mode. I think it uses SQL server's own login validation process for all connections. It has no coordination with Windows NT accounts or passwords. Each SQL server user connection must provide a valid login ID and password when it connects to the SQL server. So I need not let my users know the ID and password (need to prevent them from accessing my database) and my application still runs. Is this ever possible? Please enlighten me! It is really appreciated. Thanks. Soh Min [quoted text, click to view] "Kevin3NF" wrote:
> Someone else may step in, but I am not aware of any way to lock sa out of a > database. SA is part of the sysadmin server role and cannot be removed. > The sysadmin server role had rights to do anything in the installation and > cannot be changed to the best of my knowledge. > > Yes, I was referring to having a different server, either on a different box > or on a different instance on the same box > > -- > Kevin Hill > President > 3NF Consulting > > www.3nf-inc.com/NewsGroups.htm > > www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > > www.experts-exchange.com - experts compete for points to answer your > questions > > > "Min" <limsohmin@hotmail.com> wrote in message > news:668942E3-7E14-4E20-99DA-A00FF9C4C607@microsoft.com... > > Thanks for the information. > > 1. Putting it on a different "server" means putting the database on a > > different pc? > > That doesn't solve my problem since the sa of that pc still can access the > > database, right? > > > > 2. Is there any other solution to ONLY allow my application to open the > > database and not any other personnel? Do I have to revert to sybase in > > this > > case? > > > > Min > > > > > > "Kevin3NF" wrote: > > > >> You cannot lock the sa (or any user in the sysadmin server role) out of > >> seeing a database by any method other than putting it on a different > >> server. > >> > >> -- > >> Kevin Hill > >> President > >> 3NF Consulting > >> > >> www.3nf-inc.com/NewsGroups.htm > >> > >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > >> > >> www.experts-exchange.com - experts compete for points to answer your > >> questions > >> > >> > >> "Min" <limsohmin@hotmail.com> wrote in message > >> news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... > >> > This is the first time I use SQL server for my application. > >> > I need to set up 2 databases in the same server. > >> > > >> > 1. The first database need to be "hidden" hence no one else even SA > >> > should > >> > not be able to see the database except for my application. > >> > > >> > 2. The second database can be seen by SA > >> > > >> > Is this possible on SQL Server? > >> > > >> > Pls enlighten me as I have been trying various setting but in vain! > >> > Min > >> > ps: I think this can be done easily using sybase ASA. I just simply set > >> > the > >> > username and password. > >> > > >> > >> > >> > >
Hi
"Embedded SQL" is a way to access SQL Server 7.0 and below from DOS or 16 bit applications. It is not a server install. If you look at prior threads in the newsgroups, this issue has been raised before. An administrator will always have access to your DB. Don't lock your own users out of the DB as then may need to restore and back it up. If you have Trade Secrets/Business Logic that needs to be kept safe, do it in the application middle tier. Protect yourself though licensing, not obscure security. Regards -------------------------------- Mike Epprecht, Microsoft SQL Server MVP Zurich, Switzerland IM: mike@epprecht.net MVP Program: http://www.microsoft.com/mvp Blog: http://www.msmvps.com/epprecht/ [quoted text, click to view] "Min" <limsohmin@hotmail.com> wrote in message news:CA8CD1BA-C0F6-494E-96BC-781AFA80B186@microsoft.com... >I wanted a database that is hidden such that ONLY my application can access > by supplying an ID and password. No one else can access it unless he has > my > ID and password. > > WHAT ABOUT EMBEDDED SQL? > I just read about embedded sql. It seemed that this will allow application > to be installed in end-users' environment together with database without > any > system administrator. Is this true? > > And under Login Security Options: > It says: "Standard Security" is SQL server's default login security mode. > I > think it uses SQL server's own login validation process for all > connections. > It has no coordination with Windows NT accounts or passwords. Each SQL > server user connection must provide a valid login ID and password when it > connects to the SQL server. So I need not let my users know the ID and > password (need to prevent them from accessing my database) and my > application > still runs. Is this ever possible? > > Please enlighten me! It is really appreciated. > > Thanks. > Soh Min > > > "Kevin3NF" wrote: > >> Someone else may step in, but I am not aware of any way to lock sa out of >> a >> database. SA is part of the sysadmin server role and cannot be removed. >> The sysadmin server role had rights to do anything in the installation >> and >> cannot be changed to the best of my knowledge. >> >> Yes, I was referring to having a different server, either on a different >> box >> or on a different instance on the same box >> >> -- >> Kevin Hill >> President >> 3NF Consulting >> >> www.3nf-inc.com/NewsGroups.htm >> >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. >> >> www.experts-exchange.com - experts compete for points to answer your >> questions >> >> >> "Min" <limsohmin@hotmail.com> wrote in message >> news:668942E3-7E14-4E20-99DA-A00FF9C4C607@microsoft.com... >> > Thanks for the information. >> > 1. Putting it on a different "server" means putting the database on a >> > different pc? >> > That doesn't solve my problem since the sa of that pc still can access >> > the >> > database, right? >> > >> > 2. Is there any other solution to ONLY allow my application to open the >> > database and not any other personnel? Do I have to revert to sybase in >> > this >> > case? >> > >> > Min >> > >> > >> > "Kevin3NF" wrote: >> > >> >> You cannot lock the sa (or any user in the sysadmin server role) out >> >> of >> >> seeing a database by any method other than putting it on a different >> >> server. >> >> >> >> -- >> >> Kevin Hill >> >> President >> >> 3NF Consulting >> >> >> >> www.3nf-inc.com/NewsGroups.htm >> >> >> >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area >> >> DBAs. >> >> >> >> www.experts-exchange.com - experts compete for points to answer your >> >> questions >> >> >> >> >> >> "Min" <limsohmin@hotmail.com> wrote in message >> >> news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... >> >> > This is the first time I use SQL server for my application. >> >> > I need to set up 2 databases in the same server. >> >> > >> >> > 1. The first database need to be "hidden" hence no one else even SA >> >> > should >> >> > not be able to see the database except for my application. >> >> > >> >> > 2. The second database can be seen by SA >> >> > >> >> > Is this possible on SQL Server? >> >> > >> >> > Pls enlighten me as I have been trying various setting but in vain! >> >> > Min >> >> > ps: I think this can be done easily using sybase ASA. I just simply >> >> > set >> >> > the >> >> > username and password. >> >> > >> >> >> >> >> >> >> >> >>
To all who replied to my question:
Thank you very much for your time and advice. Most importantly, thanks for convincing me to give up trying this idea totally. Min [quoted text, click to view] "Mike Epprecht (SQL MVP)" wrote:
> Hi > > "Embedded SQL" is a way to access SQL Server 7.0 and below from DOS or 16 > bit applications. It is not a server install. > > If you look at prior threads in the newsgroups, this issue has been raised > before. > An administrator will always have access to your DB. > Don't lock your own users out of the DB as then may need to restore and back > it up. > If you have Trade Secrets/Business Logic that needs to be kept safe, do it > in the application middle tier. > Protect yourself though licensing, not obscure security. > > Regards > -------------------------------- > Mike Epprecht, Microsoft SQL Server MVP > Zurich, Switzerland > > IM: mike@epprecht.net > > MVP Program: http://www.microsoft.com/mvp > > Blog: http://www.msmvps.com/epprecht/ > > "Min" <limsohmin@hotmail.com> wrote in message > news:CA8CD1BA-C0F6-494E-96BC-781AFA80B186@microsoft.com... > >I wanted a database that is hidden such that ONLY my application can access > > by supplying an ID and password. No one else can access it unless he has > > my > > ID and password. > > > > WHAT ABOUT EMBEDDED SQL? > > I just read about embedded sql. It seemed that this will allow application > > to be installed in end-users' environment together with database without > > any > > system administrator. Is this true? > > > > And under Login Security Options: > > It says: "Standard Security" is SQL server's default login security mode. > > I > > think it uses SQL server's own login validation process for all > > connections. > > It has no coordination with Windows NT accounts or passwords. Each SQL > > server user connection must provide a valid login ID and password when it > > connects to the SQL server. So I need not let my users know the ID and > > password (need to prevent them from accessing my database) and my > > application > > still runs. Is this ever possible? > > > > Please enlighten me! It is really appreciated. > > > > Thanks. > > Soh Min > > > > > > "Kevin3NF" wrote: > > > >> Someone else may step in, but I am not aware of any way to lock sa out of > >> a > >> database. SA is part of the sysadmin server role and cannot be removed. > >> The sysadmin server role had rights to do anything in the installation > >> and > >> cannot be changed to the best of my knowledge. > >> > >> Yes, I was referring to having a different server, either on a different > >> box > >> or on a different instance on the same box > >> > >> -- > >> Kevin Hill > >> President > >> 3NF Consulting > >> > >> www.3nf-inc.com/NewsGroups.htm > >> > >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area DBAs. > >> > >> www.experts-exchange.com - experts compete for points to answer your > >> questions > >> > >> > >> "Min" <limsohmin@hotmail.com> wrote in message > >> news:668942E3-7E14-4E20-99DA-A00FF9C4C607@microsoft.com... > >> > Thanks for the information. > >> > 1. Putting it on a different "server" means putting the database on a > >> > different pc? > >> > That doesn't solve my problem since the sa of that pc still can access > >> > the > >> > database, right? > >> > > >> > 2. Is there any other solution to ONLY allow my application to open the > >> > database and not any other personnel? Do I have to revert to sybase in > >> > this > >> > case? > >> > > >> > Min > >> > > >> > > >> > "Kevin3NF" wrote: > >> > > >> >> You cannot lock the sa (or any user in the sysadmin server role) out > >> >> of > >> >> seeing a database by any method other than putting it on a different > >> >> server. > >> >> > >> >> -- > >> >> Kevin Hill > >> >> President > >> >> 3NF Consulting > >> >> > >> >> www.3nf-inc.com/NewsGroups.htm > >> >> > >> >> www.DallasDBAs.com/forum - new DB forum for Dallas/Ft. Worth area > >> >> DBAs. > >> >> > >> >> www.experts-exchange.com - experts compete for points to answer your > >> >> questions > >> >> > >> >> > >> >> "Min" <limsohmin@hotmail.com> wrote in message > >> >> news:8119E780-4015-45B0-BA34-E32A958072FD@microsoft.com... > >> >> > This is the first time I use SQL server for my application. > >> >> > I need to set up 2 databases in the same server. > >> >> > > >> >> > 1. The first database need to be "hidden" hence no one else even SA > >> >> > should > >> >> > not be able to see the database except for my application. > >> >> > > >> >> > 2. The second database can be seen by SA > >> >> > > >> >> > Is this possible on SQL Server? > >> >> > > >> >> > Pls enlighten me as I have been trying various setting but in vain! > >> >> > Min > >> >> > ps: I think this can be done easily using sybase ASA. I just simply > >> >> > set > >> >> > the > >> >> > username and password. > >> >> > > >> >> > >> >> > >> >> > >> > >> > >> > >
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |