Restricting a SQL Server schema to a single user
Question
We have a SQL Server database that will be deployed to client servers. The database contains a number of schemas, some of which we want only the application to access. Is it possible to deny access to all users (even sa) except a user we create to those schemas?
1 answers
solution1
0 ACCPTED 2015-07-03 18:00:53
You cannot remove the SA out of the permissions. Every person who is SA can see and work with your data. It doesn't count which schema it is in. Another option for an SA is the usage of DBCC , which will help him avoid some principles (like the one that a temporary table is only visible to the session which generated it).
If you trust a person to be an SA , you really should trust him to access all of your data.
The only way to avoid this, is to wait for SQL Server 2016. It will allow you to store every data in your database encrypted. Even the SQL Server itself can't access all information of it. The decryption/encryption is done by the application. SQL Server self don't know the key. The new features will be called always encrypted .
Anyway, you can do such a scenario on your own with nearly all SQL Server variants, but it would be a bit more work as in SQL Server 2016.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.