Prevent Network Administrators from access to sql database tables

Posted on 2007-10-19
Last Modified: 2008-01-09
I have an employee database and I want to restrict access to specific tables to only a couple of people not including the Network Admins. What would be the best way to go about doing this seeing as though they know the sa username and password? I thought about creating a group in Active Directory, then a role within SQL Server that denies that specific group access; however, they could just remove their name within the group and again have access.
I realize this is probably an obvious question but any suggestions would be helpful. Thanks

Using SQL Server 2000
Question by:SasDev
    LVL 142

    Accepted Solution

    anyone having sa power cannot be prevented to grant (or remove deny) of any access.
    if you need to remove the network or domain admins in general, you need to block the sa account as wells as the builtin\administrators as well as any login that has some fixed server roles assigned that can do the same.

    LVL 5

    Assisted Solution

    In order to restrict this access, you would have to remove BUILTIN\Administrators from the sysadmin fixed server role.  These users would then have non sysadmin access to the server and have to be granted specific access to each item you wanted them to have access to.

    Anyone who has sysadmin access will always have full access to your server and data.  Note that if you remove them, you will want to add your service account as a sysadmin, as well as NT AUTHORITY\SYSTEM.  These are system accounts used by SQL and they must have admin access for your server to run normally.

    For normal maintenance, backups, etc..  You could keep your Domain Admins on the server as dbo's in every database except the database you want to restrict.  You could also add them to the other server roles to give them some server admin type of access without having them able to access your restricted data.  Research fixed server roles in the books online to determine what would work for your organization.
    LVL 1

    Author Comment

    Great suggestions. Thanks for your help!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
    Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
    Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
    Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now