MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » July 2008

Re: Modernization and multi-member files



fixed

On Thu, Jul 17, 2008 at 7:22 PM, <vhamberg@xxxxxxxxxxx> wrote:
I think we are talking in different realms here.

Yes. For full administrative privileges on an i, two accounts are
needed. On Windows, you can delegate full administrative privileges to
a single account, if you want to.

Again: There is absolutely no need to delegate someone holding full
privileges on a SQL Server Database to be delegated permissions that
allow him to access the rest of the server (which includes the
database files used by SQL Server).

They are distinct, different concepts, with different advantages and
disadvantages. They were designed in different eras with different
requirements. (That was my point in my previous post). In this case,
neither of them has a security advantage or disadvantage.

I don't see how this has any security impact - usability, perhaps. Security? No.

And to put another spin on it - someone with full access to the OS,
but without DST access can still apply LIC PTFs. Enabling him to do
whatever he wants. Just the same as a SQL Server User that has
privileges to the program folders where SQL Server is run from - he
could replace the SQL Server binary with a version that circumvents
access control.

Both ways are entirely theoretically possible, but the knowledge
needed to make either of these work is immense.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact