Sunday, February 26, 2012

Help SQL 2K Security :-) DBA's

Hello everyone,
Here goes another weird one... Currently I have a local test SQL server setup
on my PC. I need to give another (entry, verrrrrryyyy entry level)
programmer access to my local server (READ ONLY). But here goes the problem:
I discovered that the employee replicated my db and left it open, causing
security issues, since the data contains lots of sensitive data (credit
cards, soc sec, emp names, etc). Is there a way in SQL Server to assign
field-level security? For example: I want to give him access to employee
names in the employee db, but I don't want him to be able to view employees'
socials. The same with customers and credit card information, or to restrict
him from exporting any data/scripts. Any ideas?
Thanks in advance
Alex

Thank u!!!!
I have to add one more note to this even though you've gotten your answer
and probably moved on. You said you have a "local test SQL server" setup.
You should never have legitimate, sensitive customer/employee information in
a test database. There's just no need for it, and you're taking a huge risk
of that information falling into the wrong hands. Scramble or remove the
data in the sensitive columns immediately.
If you need a legitimate CCN or SSN for testing (such as validation
routines) then pull out your wallet and use your own. Risking compromise of
a customer or employee's personal information is just insane.
Ryan LaNeve
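
The two controls discussed in this thread, scrambling the sensitive columns in the test copy and limiting a user to specific columns, can be sketched in T-SQL as follows. This is an added example, not part of the original posts; the table, column and user names (`dbo.Employee`, `dbo.Customer`, `SSN`, `CardNumber`, `junior_dev`) and the column types are assumptions.

```sql
-- Assumed (hypothetical) schema:
--   dbo.Employee(EmpID int, EmpName varchar, SSN char(9))
--   dbo.Customer(CustID int, CustName varchar, CardNumber varchar(16))
-- junior_dev is an existing database user that is NOT a member of
-- db_datareader or db_owner and has no other SELECT grants.

-- 1. Test copy only: overwrite the sensitive columns with random digits.
--    NEWID() is evaluated once per row, so each row gets its own value.
--    The modulo is applied before ABS() so ABS() can never overflow.
UPDATE dbo.Employee
SET SSN = RIGHT('000000000'
          + CAST(ABS(CHECKSUM(NEWID()) % 1000000000) AS varchar(9)), 9)

UPDATE dbo.Customer
SET CardNumber = '0000000' + RIGHT('000000000'
          + CAST(ABS(CHECKSUM(NEWID()) % 1000000000) AS varchar(9)), 9)
GO

-- 2. Column-level permission: the user may read only the listed columns.
--    SELECT * or any query that names SSN / CardNumber fails with a
--    permission error.
GRANT SELECT ON dbo.Employee (EmpID, EmpName) TO junior_dev
GRANT SELECT ON dbo.Customer (CustID, CustName) TO junior_dev
GO

-- 3. Alternative to step 2: expose only the safe columns through a view
--    and grant on the view, with no permission on the base table.
--    Works because view and table share the same owner (dbo).
CREATE VIEW dbo.EmployeeNames
AS
SELECT EmpID, EmpName FROM dbo.Employee
GO
GRANT SELECT ON dbo.EmployeeNames TO junior_dev
GO

-- 4. Review what the user has actually been granted.
EXEC sp_helprotect @username = 'junior_dev'
GO
```

Anyone who can SELECT a column can also copy it elsewhere, so steps 2 and 3 limit what is visible but do not stop export of the permitted columns; that is why step 1 matters for a test database.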
