Results 1 to 12 of 12
  1. #1
    Join Date
    Jul 2009
    Location
    India
    Posts
    4

    Lightbulb DBA access levels to data

    Hi Everyone,

    Can anyone be able to provide me the information on the DBA access information towards data at various security level? If yes, I will go ahead with my question further

  2. #2
    Join Date
    Apr 2002
    Location
    Toronto, Canada
    Posts
    20,002
    i think you should just go ahead with your question further anyhow
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL

  3. #3
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Quote Originally Posted by nishgibb
    Can anyone be able to provide me the information on the DBA access information towards data at various security level?
    Blue.
    Quote Originally Posted by nishgibb
    If yes, I will go ahead with my question further
    That would be better.

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  4. #4
    Join Date
    Jun 2003
    Location
    Ohio
    Posts
    12,592
    Quote Originally Posted by Pat Phelan
    Quote Originally Posted by nishgibb
    Can anyone be able to provide me the information on the DBA access information towards data at various security level?
    Blue.
    -PatP
    Wait. No, Red! YEEEAAHHHHHhhhhhhhhhhhhhh.
    If it's not practically useful, then it's practically useless.

    blindman
    www.chess.com: "sqlblindman"
    www.LobsterShot.blogspot.com

  5. #5
    Join Date
    Jul 2009
    Location
    India
    Posts
    4

    DBA role

    Is it possible to restrict access to a particular object on a sensitive data to a user who has already been granted the DBA role?

    the user in question should still be able to perform DBA activities, but when it comes to the object in question, he/she should not be able to select, insert, update or delete from the table...

    Say for example hiding some sensitive data from the DBA itself.. did I make myself clear?

  6. #6
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    Yes it's possible but the details are very dependent on what DBMS product you are using. Please tell us what DBMS you are referring to or post your question in one of the product-specific forums.

  7. #7
    Join Date
    Nov 2003
    Posts
    2,935
    I don't think it's possible. As the user has DBA privilege he/she can always grant herself/himself access to those objects even if the privileges have not been granted before.

  8. #8
    Join Date
    Jul 2009
    Location
    India
    Posts
    4
    Quote Originally Posted by dportas
    Yes it's possible but the details are very dependent on what DBMS product you are using. Please tell us what DBMS you are referring to or post your question in one of the product-specific forums.
    So, you are saying that each DBMS product has got its own rules defined on a DBA role, because I am looking out for the options on the products that I have been working starting from Oracle, Microsoft SQL Server, DB2, Sybase and Teradata. I am working on some sensitive data where I need to restrict the access level of the DBA, please give me options
    Last edited by nishgibb; 07-22-09 at 02:21.

  9. #9
    Join Date
    Apr 2002
    Location
    Toronto, Canada
    Posts
    20,002
    Quote Originally Posted by nishgibb
    I am working on some sensitive data where I need to restrict the access level of the DBA, please give me options
    here's an option: make yourself the only DBA, and don't grant access to the sensitive data to anyone else
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL

  10. #10
    Join Date
    Dec 2007
    Location
    London, UK
    Posts
    741
    Every vendor has its own way of defining and controlling adminitrative roles. In Oracle you can use Database Vault to restrict DBA access:

    Introducing Oracle Database Vault

    In SQL Server use encryption and key management.

    There are also third party tools such as:
    http://www.rsa.com/products/bsafe/da...SM_DS_0407.pdf
    (Note: I happen to work for EMC whose product this is, although I don't have personal experience of using it)

    You'll have to Google for info on the other products. Take a look at their respective sites.

  11. #11
    Join Date
    Jul 2009
    Location
    India
    Posts
    4
    Thanks for the information

  12. #12
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    If you can truly restrict a users access to any object in the database, then that user is by definition not a Database Administrator.

    There are multiple options for managing sensitive data, and some of those methods work well across different database platforms. Without knowing more details about what you want to accomplish, all I can say with confidence is "Yes, there is a solution to this problem."

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •