Does anyone have any examples of how you split the SA and DBA functions to b
e
compliant? I have been looking all over the place and I can't find any
documentation on this. I can't believe I work for the only company facing
this Horrible situation.
TIA,
JoeIf by SA you mean Systems Administrator, what we have done is considered tha
t
to be a special SQL Server account that does not exists at the OS level. And
we disable the builtin\administrator account. The SA account is therefore
the DBA account with no or no special OS privileges.
We have also split the OS responsibilities from the DB responsibilities to
separate groups.
Joseph R.P. Maloney, CSP,CCP,CDP
"jaylou" wrote:
> Does anyone have any examples of how you split the SA and DBA functions to
be
> compliant? I have been looking all over the place and I can't find any
> documentation on this. I can't believe I work for the only company facing
> this Horrible situation.
> TIA,
> Joe
>|||Thanks for the reply.
I am guessing I am on the same road you are on. I have created a user with
security admin server role that our network security team will use to create
new logins into the server. I have then removed builtin\admins as you did.
the problem is I as a NON SA I can't manage operators, link servers, create
maint plans etc. We are trying to make i tso there has to be at least 2
people involved to commit fraud. this way there isn't one person that can
create a login, log in as that new user change data, and remove the user. N
o
real audit trail there. I wish threre was a way to remove the add new login
s
from SA, but that isn't possible.
Thanks,
Joe
"jrpm" wrote:
[vbcol=seagreen]
> If by SA you mean Systems Administrator, what we have done is considered t
hat
> to be a special SQL Server account that does not exists at the OS level. A
nd
> we disable the builtin\administrator account. The SA account is therefore
> the DBA account with no or no special OS privileges.
> We have also split the OS responsibilities from the DB responsibilities to
> separate groups.
>
> --
> Joseph R.P. Maloney, CSP,CCP,CDP
>
> "jaylou" wrote:
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment