
Monday, September 12, 2011

Don't simply revoke high-privilege roles like sysadmin, db_owner, etc.

I have often seen this in my projects: we all know security should be tight, but in what way?

Many organizations, whether small, medium or big, have to consider how well they have implemented security to protect the database engine from unauthorized access, unknown persons, or indirect access.

In our organization there is a separate team called the Audit team. They run scripts across the LOBs' database engines that generate a report of the high-privilege roles at the server level or database level, along with each holder's permissions.

Based on the audit team's findings, we start following up with the business team/application team as mentioned below:

1) If they need high-privilege access like the SA (sysadmin) role at the server level or dbo at the database level, they have to notify the audit team:

What purpose is it needed for?
What applications are using it?
Why is it needed?
Is there approval from the business?

If they provide all of this, the audit team tracks it for reference; if the access is not needed, they inform us to revoke the high-privilege role.
So what we do is raise a change (i.e. describing what activity we are going to perform) to revoke the role. However, before revoking the roles we need to ensure the information below.

1) Identify what kind of ID it is (SQL login or domain ID).

2) Identify which jobs (application jobs / maintenance plan jobs) depend on those IDs.

3) Get confirmation beforehand from the application/business team on whether those IDs are used by some other applications that connect indirectly to the SQL Server database engine.


If you have not taken these actions before revoking the roles, then dependent jobs start failing (if you have alerting set up, you come to know right away; if not, you come to know only when the issue occurs or when the applications/business team comes back to you).
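The kind of checks described above, as an added T-SQL example (not the audit team's actual script): enumerate fixed server role members and db_owner members, then find SQL Agent jobs owned by the login about to be revoked. The login name `DOMAIN\app_svc` is a placeholder.

```sql
-- 1) Server level: who holds sysadmin and other fixed server roles?
--    type_desc tells you whether it is a SQL login or a Windows (domain) login/group.
SELECT r.name AS server_role,
       m.name AS member_name,
       m.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin', 'serveradmin')
ORDER BY r.name, m.name;

-- 2) Database level: db_owner members in the current database.
--    Run this in each user database (for example via a cursor over sys.databases).
SELECT DB_NAME() AS database_name,
       r.name AS database_role,
       m.name AS member_name,
       m.type_desc
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner'
ORDER BY m.name;

-- 3) Dependency check before raising the change: SQL Agent jobs owned by the
--    login, with their steps, so you know what will start failing if the role goes.
DECLARE @login sysname = N'DOMAIN\app_svc';  -- placeholder: the ID to be revoked
SELECT j.name AS job_name,
       SUSER_SNAME(j.owner_sid) AS job_owner,
       j.enabled,
       s.step_id,
       s.step_name,
       s.subsystem,
       s.database_name
FROM msdb.dbo.sysjobs j
LEFT JOIN msdb.dbo.sysjobsteps s ON s.job_id = j.job_id
WHERE SUSER_SNAME(j.owner_sid) = @login
ORDER BY j.name, s.step_id;
```

Jobs that run steps under a proxy or connect through linked servers are not caught by the owner check alone, which is why step 3 above still needs the application/business confirmation.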
