Create MS SQL login for support engineer to access only vendor database

Question 1

I have sql server 2005, I need to create separate database login to support engineer of my software vendor to access their own database. My only worry is deny him to take backup from our database while he connected remotely to resolve any incident in the application.

To sum up,

1- How to create login with access to specific database only 2- How to monitor his activity on database (what query he runs, is he try to took any backup and when) 3-Deny Any backup and restore task (I want to keep this only to sysadmin)

Question 2

I - To create a login with access to specific database only:

Use SSMS and connect to the SQL server instance
Open Security -> right click Logins -> New Login (e.g. login named SE)

enter image description here

3 Enter the login details. In Server Roles, make sure only 'public' is checked

enter image description here

4 In User Mapping, make sure only the vendor database is selected. enter image description here

If public role for the vendor database is not enough, grant the necessary permissions but only on the vendor database

Another solution is to deny access to all databases and then grant just to the vendor database

DENY VIEW ANY DATABASE TO [SE]

See more info here: http://msdn.microsoft.com/en-us/library/ms177518.aspx

II- How to monitor his activity on database (what query he runs, is he try to took any backup and when)

I suggest using some third party tools. Transaction logs don't capture info about executed queries

III-Deny Any backup and restore task (I want to keep this only to sysadmin)

Having public role will prevent the user to backup or restore databases

he'll get the following messages when he tries to backup or restore a database

enter image description here

T-SQL statement to deny creating backups is:

DENY BACKUP ANY DATABASE to [SE]

Question 3

Does DENY BACKUP ANY DATABASE actually exist in SQL Server? I usually have to create a server trigger on CREATE DATABASE to add DENY BACKUP to each specific database...

Carol Baker West Carol Baker West 1,61614 silver badges13 bronze badges · Answer 1 · 2012-12-17 09:36:28Z

I - To create a login with access to specific database only:

Use SSMS and connect to the SQL server instance
Open Security -> right click Logins -> New Login (e.g. login named SE)

enter image description here

3 Enter the login details. In Server Roles, make sure only 'public' is checked

enter image description here

4 In User Mapping, make sure only the vendor database is selected. enter image description here

If public role for the vendor database is not enough, grant the necessary permissions but only on the vendor database

Another solution is to deny access to all databases and then grant just to the vendor database

DENY VIEW ANY DATABASE TO [SE]

See more info here: http://msdn.microsoft.com/en-us/library/ms177518.aspx

II- How to monitor his activity on database (what query he runs, is he try to took any backup and when)

I suggest using some third party tools. Transaction logs don't capture info about executed queries

III-Deny Any backup and restore task (I want to keep this only to sysadmin)

Having public role will prevent the user to backup or restore databases

he'll get the following messages when he tries to backup or restore a database

enter image description here

T-SQL statement to deny creating backups is:

DENY BACKUP ANY DATABASE to [SE]

Does DENY BACKUP ANY DATABASE actually exist in SQL Server? I usually have to create a server trigger on CREATE DATABASE to add DENY BACKUP to each specific database...

Stack Exchange Network

Create MS SQL login for support engineer to access only vendor database

1 Answer 1

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Hot Network Questions

Create MS SQL login for support engineer to access only vendor database

1 Answer 1

Your Answer

Sign up or log in

Post as a guest

Post as a guest

Related

Hot Network Questions