Sunday, March 11, 2012

Assigning User to a Database

Hi

I am using SQL SERVER 2000. Until now my application used the default user "sa", but now the illigal access to my database make me move to a more secure login.

i am new to this concept.

i need to create a login, which i am successful in creating, but my problem is

I need to allow only this user to access my database and no other user should login my database.

please can any one explain how to do this.

its very urgent.

regards

James Alvin

Noone is granted access to a database unless you allow it, so go ahead and create a user and give him the appropiate permissions on the database. Make in addition sure, that if you want to restrict the sysadmin users (which is by default the sa and the members of the sysadmin group, e.g. the local administrators) you will have to remove them from the groups / disable the sa account.

Jens K. Suessmeyer

http://www.sqlserver2005.de

|||

hi

how can we disable sa account in sql server 2000

|||

You can't disable sa on a SQL Server 2000 instance. Not in any way that would be supported. Some time ago, a few people hacked at the system tables and eventually removed sa but then they had continual problems, couldn't apply service packs and were on an unsupported system. So not in any way that would be supported or stable.

Another option, depending on your application, would be to use just Windows Authentication and use impersonation in your application to log in with just the one windows account you add to the users for this database.

Sysadmins will still be able to access that database though. If it's that critical to lock out everyone, you would want to look at auditing as well as explore third party options for encryption.

-Sue

.

|||

Yes, I ment dismanteling instead of disabling. What I do in reality is to give the sa a cryptic (long and non-guessable) password and lock this in the (virtual) safe. Noone should use that account beside emergencies (like locked accounts etc.) Then I create a new login which has the same rights but a non well-known name (like sa, everyone know that this is the system adminstrator and therefore you only have to guess the password as you already know the name). This account is then mainly used for tasks that cannot be done with the Windows authentication (like users which are not present in the AD). If you are able only use Windows authentication you can even discard this task.

Jens K. Suessmeyer

http://www.sqlserver2005.de

Posted by Chasidy at 7:10 PM
Labels: , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)