Third party access to SQL

Post by U2ltb2 » Fri, 25 Apr 2008 19:10:01

We have a hosted SQL server with various internal applications on it. It has
been decided by on high that the same server will also have a database from a
third party on the server. The third party have asked for full system admin
rights on the SQL server.

Obviously I am not going to grant that access level as it gives them full
control on the box. From my viewpoint read and write access to the data can
be tolerated but anything else will be denied. Would you consider this
standard and is there any documentation with recommendations for control of
external suppliers?

I am sure that they shouldn't be doing any work on table structure, sp's
etc on a live database. That work should be tested, scripted etc and then run
in a controlled environment by my company.

Anyone have any advice?



Post by Dan Guzma » Fri, 25 Apr 2008 21:29:27

> I am sure that they shouldn't be doing any work on table structure, sp's

If this is the case, then why would the third party request sysadmin access
to the production environment? Why do they need access to the production
environment at all? I think you need a clear understanding of the third
party roles, responsibilities and expectations before you can set up the
appropriate permissions (minimal level required). This is particularly
true of customized solutions.

When working with third party solutions, don't assume that Best Practices
like a formalized testing and promotion process are followed. I've seen
external vendors develop applications ad-hoc in the live production
environment (if it works it's production, otherwise it's just development).
Although the IT folks are stakeholders, they don't always have the final say
about such matters in the real world. A DBA can voice concerns but, at the
end of the day, it is a management decision as to whether or not Best
Practices are followed.

Hope this helps.

Dan Guzman
SQL Server MVP
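
An added example, not part of the original thread: one way to give a vendor read and write access to the data in a single database with no server-level rights, followed by queries that show what the account actually holds. The names VendorLogin, VendorUser and VendorDb and the password are placeholders assumed for illustration.

```sql
-- Hypothetical names: VendorLogin, VendorUser, VendorDb. Replace the password.
USE master;
GO
-- Server login with no fixed server role (it is a member of public only).
CREATE LOGIN VendorLogin
    WITH PASSWORD = 'Replace-Me-1-with-a-strong-secret',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON,
         DEFAULT_DATABASE = VendorDb;
GO
USE VendorDb;
GO
-- Map the login into the vendor database only; it gets no user in other databases.
CREATE USER VendorUser FOR LOGIN VendorLogin;
-- Read and write on data, nothing else: no DDL, no db_owner.
-- ALTER ROLE ... ADD MEMBER needs SQL Server 2012 or later;
-- on older versions sp_addrolemember does the same job.
ALTER ROLE db_datareader ADD MEMBER VendorUser;
ALTER ROLE db_datawriter ADD MEMBER VendorUser;
GO
-- Check 1: any row here means the login holds a fixed server role such as sysadmin.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
WHERE l.name = N'VendorLogin';

-- Check 2: database roles held by the vendor user in VendorDb.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'VendorUser';

-- Check 3: permissions granted or denied directly to the vendor user.
SELECT permission_name, state_desc, class_desc
FROM sys.database_permissions
WHERE grantee_principal_id = DATABASE_PRINCIPAL_ID(N'VendorUser');
GO
```

Rerunning the three checks on a schedule shows whether the vendor account has picked up extra rights since it was created.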


Post by Uri Diman » Sat, 26 Apr 2008 01:12:24


Oh, how true it is