As DBAs we typically restrict the use of Enterprise Manager and other DBA
Admin type utilities from end-users. Even with a user's SQL server
permissions being appropriately defined and restricted, to limit their
abilities within Enterprise Manager, I typically do not allow end users to
use Enterprise Manager, for the same reason that an Exchange administrator
doesn't allow end-users to run Exchange Administrator to manage their
mailbox. It's an administration utility and is not intended as a data
manipulation interface.
I am faced with a unique situation where a 'power user' insists on wanting
to use SQL Enterprise Manager to access a particular database to which he has
read/write permissions to the production data, as he wants to browse and
modify data ad-hoc within the Enterprise Manager GUI (by right-clicking on a
table and selecting the 'Open, Return All Rows', etc. Due to political
reasons beyond my control, it appears that I will be 'told' to let him use
Enterprise Manager by upper management, so that the user can manage the data
via SQL EM.
Outside of the technical reasons why an end-user should not be using SQL
Enterprise Manager as the GUI to manage data within a database, even with
proper security, does anyone know of official audit guidelines that would
raise a 'red flag' if an audit determined that an end-user(s) were managing
data via SQL Enterprise Manager?
Thanks
D
Apart from read/write to certain tables in the DB, what other rights does
this user have within the server and database? The fact that an end-user
can (knowingly or not), if their rights aren't severely restricted, drop a
table, access and modify security/login info, modify/overwrite/delete
backups, add/remove indexes, etc. would make me wary.
Maybe you can suggest to them that this guy use Access as the front end, and
Link the tables he needs into Access so he can edit to his heart's content
without getting anywhere near EM?
"DBADave" <DBADave@.discussions.microsoft.com> wrote in message
news:D8E94FA5-3F83-4B63-9EFA-1A65F14C1857@.microsoft.com...
> As DBAs we typically restrict the use of Enterprise Manager and other DBA
> Admin type utilities from end-users. Even with a user's SQL server
> permissions being appropriately defined and restricted, to limit their
> abilities within Enterprise Manager, I typically do not allow end users to
> use Enterprise Manager, for the same reason that an Exchange administrator
> doesn't allow end-users to run Exchange Administrator to manage their
> mailbox. It's an administration utility and is not intended as a data
> manipulation interface.
> I am faced with a unique situation where a 'power user' insists on wanting
> to use SQL Enterprise Manager to access a particular database to which he
> has
> read/write permissions to the production data, as he wants to browse and
> modify data ad-hoc within the Enterprise Manager GUI (by right-clicking on
> a
> table and selecting the 'Open, Return All Rows', etc. Due to political
> reasons beyond my control, it appears that I will be 'told' to let him use
> Enterprise Manager by upper management, so that the user can manage the
> data
> via SQL EM.
> Outside of the technical reasons why an end-user should not be using SQL
> Enterprise Manager as the GUI to manage data within a database, even with
> proper security, does anyone know of official audit guidelines that would
> raise a 'red flag' if an audit determined that an end-user(s) were
> managing
> data via SQL Enterprise Manager?
> Thanks
> D
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment