Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Precautions 1

Status
Not open for further replies.
Memento

Memento

MIS
Jun 19, 2005
46
US
I have SQL Server 2000 that has a five databases on it. I have a vendor who needs access to this server since his database now resides on it. We have a VPN connection to allow him through, but I am unsure on what security precautions I need to take care of before I give him access. I also now have the ability to allow him to connect through Terminal Server. Ideally, I'd like him to only be able to go to HIS database.

In short, what is the most secure method of allowing him TS or VPN, and limiting him to only his database.

Windows 2003 Server
Sql Server 2000
 
Sort by date Sort by votes
Create a group with permissions only to his database (and only the permissions he actually needs).

Assign each user in his company to that group.

Do not permit him to use a single log on for all users if you can avoid doing so.

Do not permit him to log in as 'sa', even if he needs admin permissions.

You might consider giving him 2 groups

example: VendorAdmin with administrator rights
members DDuck
MMouse

Vendor User with read only rights or whatever
members Bozo
BRabbit
etc, etc

 
Upvote 0 Downvote
Thanks for the post.

You've given me a good starting point. I definitely will not give him the sa.
 
Upvote 0 Downvote
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top