Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
kvvsprakash
Starting Member
6 Posts |
 Posted - 2011-08-16 : 13:20:30
|
| Hi Guys,We are having one server with windows 2008 OS ans sqlserver 2008 installed on it.we decided to have two applications on the same server.two databases are created ,applications were installed.everything seems working fine.one application needed sysadmin role to perform it's functioning.So I have assigned sysadmin role to it.But that user is now able to see the data of other database tables which is very confidential.Could any one guide me how I can provide service to my customers.when both customers login to server with windows authentication they should not be able to see each other database tables.Please get back to me as soon as possible.Thanks In advance,Prakash. |
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2011-08-16 : 13:35:46
|
| I can just about guarantee that the login for the one app does not need sysadmin server role.You'll need to identify and fine tune the permissions it needs. |
 |
|
|
kvvsprakash
Starting Member
6 Posts |
Posted - 2011-08-16 : 14:38:48
|
quote:
Originally posted by russell
I can just about guarantee that the login for the one app does not need sysadmin server role.You'll need to identify and fine tune the permissions it needs.
Thx for your reply,It's a third party application where vendor specification to have server role as sysadmin to particular service user.we tested by removing sysadmin role,but we encountered the permissions issue in application.So I would glad if I get the process to secure the data without removing the sysadmin role to one user.Thanks,Prakash. |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2011-08-16 : 18:09:49
|
| Install a second instance of SQL Server and move one of the databases to the other instance.And in the future, never buy vendor applications that need sysadmin access. It's a sure sign that the vendor doesn't know what they are doing.CODO ERGO SUM |
|
|
|
kvvsprakash
Starting Member
6 Posts |
Posted - 2011-08-19 : 11:04:07
|
quote:
Originally posted by Michael Valentine Jones
Install a second instance of SQL Server and move one of the databases to the other instance.And in the future, never buy vendor applications that need sysadmin access. It's a sure sign that the vendor doesn't know what they are doing.Michael,Thanks for your help..I think I have only this option..I will try it out..Prakash.CODO ERGO SUM
Praash |
|
|
|
Kristen
Test
22859 Posts |
Posted - 2011-08-19 : 11:11:35
|
| "we tested by removing sysadmin role,but we encountered the permissions issue in application."Try database owner instead?I wouldn't want an application on my server that needed sysadmin, regardless of having other databases in other instances - but maybe I am over-cautious. |
|
|
|
Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)
7020 Posts |
Posted - 2011-08-19 : 12:11:29
|
quote:
Originally posted by Kristen
"we tested by removing sysadmin role,but we encountered the permissions issue in application."Try database owner instead?I wouldn't want an application on my server that needed sysadmin, regardless of having other databases in other instances - but maybe I am over-cautious.
I have seen many vendor applications that insisted on this, so I am not surprised.Just another good candidate for this thread:That Darn Vendorhttp://www.sqlteam.com/forums/topic.asp?TOPIC_ID=139011See my post at 08/19/2011 12:05:02 for something even worse than insisting on sysadmin access:http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=139011&whichpage=4CODO ERGO SUM |
|
|
|
|
|
|
|
|
two databases on single server. security ?