We are using an outsourcing company who now wants a backup of our database -
which has sensitive data in it.
The problem is that our Database has 2 applications in it with many Stored
Procedures and Tables in each. I already have them set up with access to
the Stored Procedures and Tables that are involved in the application they
are working on. They have access via VPN at the moment. They are saying
that they are trying to replicate the database for their application but
there are too many Stored Procedures and would be better to use a backup
from us.
I am concerned with giving the outsourcing company a backup or the .dat file
from our system as that would also have the other tables and data on it. We
do have them restricted to only the one application, but if we were to give
them a copy of our database would they be able to override the security on
the other tables?
Thanks,
TomToo many Stored Procedures? What does that mean?
Using Enterprise Manager, it's easy to get a script of the stored procedures
and add them to another database. They are other solutions, like creating
an empty database without any data and send them a backup of this.
You can also use a SQL-Server comparaison tool like Red Gate and others that
you can find on the internet.
--
Sylvain Lafontaine, ing.
MVP - Technologies Virtual-PC
E-mail: http://cerbermail.com/?QugbLEWINF
"tshad" <tfs@.dslextreme.com> wrote in message
news:eRc%23KdW0GHA.4956@.TK2MSFTNGP04.phx.gbl...
> We are using an outsourcing company who now wants a backup of our
> database -
> which has sensitive data in it.
> The problem is that our Database has 2 applications in it with many Stored
> Procedures and Tables in each. I already have them set up with access to
> the Stored Procedures and Tables that are involved in the application they
> are working on. They have access via VPN at the moment. They are saying
> that they are trying to replicate the database for their application but
> there are too many Stored Procedures and would be better to use a backup
> from us.
> I am concerned with giving the outsourcing company a backup or the .dat
> file
> from our system as that would also have the other tables and data on it.
> We
> do have them restricted to only the one application, but if we were to
> give
> them a copy of our database would they be able to override the security on
> the other tables?
> Thanks,
> Tom
>|||Giving someone physical custody of your database has the potential of
abrogating all security.
Make a backup copy of the database and then delete (from the backup copy)
all tables and data to which the outsourcing firm SHOULD NOT have access.
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
"Sylvain Lafontaine" <sylvain aei ca (fill the blanks, no spam please)>
wrote in message news:%230z%23wDX0GHA.5072@.TK2MSFTNGP03.phx.gbl...
> Too many Stored Procedures? What does that mean?
> Using Enterprise Manager, it's easy to get a script of the stored
> procedures and add them to another database. They are other solutions,
> like creating an empty database without any data and send them a backup of
> this.
> You can also use a SQL-Server comparaison tool like Red Gate and others
> that you can find on the internet.
> --
> Sylvain Lafontaine, ing.
> MVP - Technologies Virtual-PC
> E-mail: http://cerbermail.com/?QugbLEWINF
>
> "tshad" <tfs@.dslextreme.com> wrote in message
> news:eRc%23KdW0GHA.4956@.TK2MSFTNGP04.phx.gbl...
>> We are using an outsourcing company who now wants a backup of our
>> database -
>> which has sensitive data in it.
>> The problem is that our Database has 2 applications in it with many
>> Stored
>> Procedures and Tables in each. I already have them set up with access to
>> the Stored Procedures and Tables that are involved in the application
>> they
>> are working on. They have access via VPN at the moment. They are saying
>> that they are trying to replicate the database for their application but
>> there are too many Stored Procedures and would be better to use a backup
>> from us.
>> I am concerned with giving the outsourcing company a backup or the .dat
>> file
>> from our system as that would also have the other tables and data on it.
>> We
>> do have them restricted to only the one application, but if we were to
>> give
>> them a copy of our database would they be able to override the security
>> on
>> the other tables?
>> Thanks,
>> Tom
>>
>|||Hi,
Yes. Once you give them a backup they will be able to override all the
sercurity you have implemented as the restored database will be on there
server and will be controlled by their 'sa' or 'adminstrator' account. Once
you have access to a database as a administrator, you can virtually do
whatever you want.
Instead, why donâ't you just give them backup's of the table's they are
concerned with? You can generate insert statements for data in the table.
Refer to http://vyaskn.tripod.com/code.htm#inserts
You can always script the stored procedures using SQL Enterprise Manager and
give them a copy.
Hope this works for you.
Regards,
Karthik
"tshad" wrote:
> We are using an outsourcing company who now wants a backup of our database -
> which has sensitive data in it.
> The problem is that our Database has 2 applications in it with many Stored
> Procedures and Tables in each. I already have them set up with access to
> the Stored Procedures and Tables that are involved in the application they
> are working on. They have access via VPN at the moment. They are saying
> that they are trying to replicate the database for their application but
> there are too many Stored Procedures and would be better to use a backup
> from us.
> I am concerned with giving the outsourcing company a backup or the .dat file
> from our system as that would also have the other tables and data on it. We
> do have them restricted to only the one application, but if we were to give
> them a copy of our database would they be able to override the security on
> the other tables?
> Thanks,
> Tom
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment