0

My database is visible to all users in my work environment and it's a bit risky. I need to make this database visible to just a special user who can execute queries. I'm not a database specialist

Soutzikevich
  • 991
  • 3
  • 13
  • 29
fatiDev
  • 5,752
  • 7
  • 28
  • 45
  • 1
    It's impossible to answer such a vague question. Nobody has access to SQL Server unless explicitly granted access by the DBA. If someone addedd the `Everyone` group, just remove it. You can specify specific permissions per role and user. – Panagiotis Kanavos Jun 02 '17 at 11:04
  • 1
    If all applications connect as `sa` though, there's nothing you can do. `sa` *IS* the DBA account. You'll have to add new accounts with restricted permissions, change the accounts used by all applications *and* change the sa password – Panagiotis Kanavos Jun 02 '17 at 11:05
  • if i create a special user for this database ; then how to prevent the sa from accessign database ? – fatiDev Jun 02 '17 at 11:06
  • 1
    You misunderstand. The `sa` *is* the system administrator account. You can disable it, provided *you* have the sysadmin privileges. Or you can disable SQL Server accounts completely and use Windows authentication. If you don't know what all that means though, you shouldn't do anything. You may end up locking everyone out, including yourself – Panagiotis Kanavos Jun 02 '17 at 11:08
  • 2
    You probably want to read up on SQL Server permissions in general (https://msdn.microsoft.com/en-us/library/bb669084(v=vs.110).aspx) first. In general, you can grant and revoke privileges at a granular level in SQL Server - so you can revoke all access from everyone, and then create a new user who can execute queries. – Neville Kuyt Jun 02 '17 at 11:12
  • 3
    employ someone to do this for you. Beats the hell out of reading hours of material and then following suggestions from detached third parties such as SO users. – Martin Jun 02 '17 at 11:14
  • 1
    Security isn't a "do this and you're done" thing. You have to know what you're doing and what the implications are. You should read the documentation, maybe check the SQL Server courses offered by Pluralsight. You can get 3 months free access through the (also free) [Visual Studio Dev Essentials](https://www.visualstudio.com/dev-essentials/) program – Panagiotis Kanavos Jun 02 '17 at 11:14
  • Ok , thanks a lot for all your suggestions , i'll be carefull , I'm a developper not a database specialist , but i' have this worry , I don't want that every one even the sa can see or alter my data – fatiDev Jun 02 '17 at 11:18

0 Answers0