C
-=Chris=-
I was minding my own business when nospam blurted out:
Um... the SysAdmin is generally responsible for the health and maintenence
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for. Speaking for myself, as a sys admin, I would refuse to manage a server
that I did not have access to. That would be like asking a developer to
develop a database application without access to the database.
And a disgruntled DBA with admin access to the db couldn't do the same
thing? Not a good argument.
Not true. Even if you set your SQL server to use integrated security, the
only windows users who have access to the server by default are local and/or
domain administrators. Regular users ONLY have access once an admin has
granted them access. In addition, the same security restrictions that can
be placed on sql users, can be placed on windows users. When granting a
windows user access to a database, a sql server login is actually created to
represent the windows user.
Not always true. Consider the fact that not all businesses have only 1 web
and 1 sql server to manage. Some of them have 10s, or even hundreds.
The last person you ever want to give access to your SQL Server is a Sys
Admin!!!!
Um... the SysAdmin is generally responsible for the health and maintenence
of the server on which SQL server rides on. In fact, the sys admin is often
responsible for many of the same types of tasks that the DBA is responsible
for. Speaking for myself, as a sys admin, I would refuse to manage a server
that I did not have access to. That would be like asking a developer to
develop a database application without access to the database.
Most attacks and computer crimes come from the inside...and GUESS
WHO those insiders might be? disgruntled SysAdmin.....
And a disgruntled DBA with admin access to the db couldn't do the same
thing? Not a good argument.
committed.....By opening up SQL Server to the Windows Security all those on the Windows
side are now potential suspects IF a computer crime would be
Not true. Even if you set your SQL server to use integrated security, the
only windows users who have access to the server by default are local and/or
domain administrators. Regular users ONLY have access once an admin has
granted them access. In addition, the same security restrictions that can
be placed on sql users, can be placed on windows users. When granting a
windows user access to a database, a sql server login is actually created to
represent the windows user.
Second of all if there is a Web Server, the SQL server should be in the same
room with an independent $50 dollar network switch directly connected to the
Web server thereby eliminating any network intercepts in the first place.
Not always true. Consider the fact that not all businesses have only 1 web
and 1 sql server to manage. Some of them have 10s, or even hundreds.