Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
micahlmartin
Starting Member
3 Posts |
 Posted - 2008-03-20 : 11:20:34
|
| We have a distributed app that creates it's own instance of sqlexpress when installing. This prevents anyone with sa rights on another instance from accessing our data directly (HIPAA compliance concerns). We are currently looking into making our app easier to install, and want to be able to attach our database to existing instance (if one exists), but still prevent the sa account of that instance from directly accessing/viewing our data. Are application roles the way to accomplish this, is there another way, or is this even possible?Thanks in advance. |
|
|
elancaster
A very urgent SQL Yakette
1208 Posts |
Posted - 2008-03-20 : 11:23:29
|
| sa will still have accessEm |
 |
|
|
micahlmartin
Starting Member
3 Posts |
Posted - 2008-03-20 : 11:57:04
|
| Any suggestions as to the right approach?Thanks |
|
|
|
spirit1
Cybernetic Yak Master
11752 Posts |
Posted - 2008-03-20 : 12:38:58
|
| there is no right approach.sa will always have full access. the best you can do is to have a really strong sa password._______________________________________________Causing trouble since 1980blog: http://weblogs.sqlteam.com/mladenpSSMS Add-in that does a few things: www.ssmstoolspack.com |
|
|
|
micahlmartin
Starting Member
3 Posts |
Posted - 2008-03-20 : 13:53:58
|
| But the solutions is still to install a new instance for my app, right? |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2008-03-20 : 14:03:32
|
| Yes you will need to install a new instance just for your application. You'll have to remove the sysadmin fixed server role from the BUILTIN\Administrators group, otherwise local admins will have sysadmin access.But doing this prevents the DBA from doing his/her job on that instance. I guess your company will have to administer the instance and be responsible for checking on jobs and all other routine tasks.Tara KizerMicrosoft MVP for Windows Server System - SQL Serverhttp://weblogs.sqlteam.com/tarad/ |
|
|
|
|
|
|
Application Roles?