0

We have a ASP.NET web application with SQL Server 2008 R2 as the backend.

Our client wants the application hosted on their servers to which they will have full administrative access.

I have 2 questions:

1 - Is there any good way of restricting their access to the back-end database.

2 - Are there any tools (free or cheap preferably) to monitor if anyone has logged into the database from outside the application ?

Many Thanks.

Regards

user2211524
  • 13
  • 3
  • 1 dont give them sa account, which they wont be happy. 2 sql server has audit logs. Check that out – vasin1987 Mar 19 '14 at 12:03
  • @vasin1987 If they have **full administrative access** they won't need the sa account and there 's no possible way to restrict access to the database. – Filburt Mar 19 '14 at 12:05
  • @Filburt i agree. If customer has full administrative access, they are partially responsible for what happen to the data – vasin1987 Mar 19 '14 at 12:07

1 Answers1

0

In answer to your first question: If they have full admin access to the server, they're going to be able to do whatever they want with the databases on it. However you can still add auditing to the server, if you can trust them not to tamper with that. I'd suggest making it a condition of the support you provide them, to not make changes to the database directly.

In answer to your second question:

SQL Server Auditing - can be used for instance and database level auditing.

For more information, this is a pretty good guide with examples of how to set it up: http://bradmcgehee.com/2010/03/30/an-introduction-to-sql-server-2008-audit/

This also gives even more information on how it works and examples: http://msdn.microsoft.com/en-us/library/dd392015%28v=sql.100%29.aspx

Steve
  • 329
  • 1
  • 9