patternsqlMinor
Prevent SysAdmin from doing a Database Restore
Viewed 0 times
preventdoingsysadmindatabasefromrestore
Problem
I am a sysadmin on my SQL Server 2008, and I need to be, but I would like to setup my security on the Production server to prevent me from accidentally restoring to the production database. I restored databases to a test machine often for developers to debug/test and while I am always really careful, after about ten years, today I wasn't.
My thought was to put in a DENY on the restore permission and if I ever need to really restore, remove the DENY, but I can't find anything like this.
Does anyone know how to do this or maybe have a better idea?
My thought was to put in a DENY on the restore permission and if I ever need to really restore, remove the DENY, but I can't find anything like this.
Does anyone know how to do this or maybe have a better idea?
Solution
First, you can't prevent a sysadmin from doing anything. :-) Any login that is a member of the sysadmin fixed server role operates outside the permissions system - they can do anything.
My first thought was to use a DDL trigger to stop the restore. Unfortunately, restoring a database is an operation that does not cause any triggers to fire (see this Connect item).
My next idea is to either have an alert on the restore event or have some job periodically looking at the
My first thought was to use a DDL trigger to stop the restore. Unfortunately, restoring a database is an operation that does not cause any triggers to fire (see this Connect item).
My next idea is to either have an alert on the restore event or have some job periodically looking at the
msdb.dbo.restorehistory table so you can at least catch the restores quickly and work to fix them. Not ideal, I know.Context
StackExchange Database Administrators Q#53995, answer score: 5
Revisions (0)
No revisions yet.