Do you need access to Production?

During a recent client meeting about a database migration, I realised that I have never logged into a SQL Server on their production environment. My involvement has been strictly dealing with setting up the new environment and log shipping the backups.

I get that I’m not a full-service DBA for this client, but it got me wondering about the many security discussions I’ve seen and participated in, in the past: that not even a junior DBA might need access to production database systems, if it’s not within the scope of his or her work.

From this experience, I can honestly say that my part of the job has not been impacted by not having full access to the production environment.

Have a look at your own network, take the time to think about who has access and who actually needs it. Chances are, developers really don’t need sa on your production database server, and you will be able to reduce the attack surface of your systems.

Remember that many incidents of data exfiltration are internal.

Author: randolph

Randolph West is a Microsoft Data Platform MVP, and has worked with SQL Server since the late 1990s. When not consulting, he can be seen acting on the stage and screen, or doing voices for independent video games. Randolph is available for talks on SQL Server, and technology in general. He also offers training for junior DBAs. Connect with Randolph on Google+ or Twitter.