Home/ Questions/Q 3482320
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-18T10:32:43+00:00

We have a problem where one of our customers is changing data directly in

  • 0

We have a problem where one of our customers is changing data directly in the database.

As we have an API, we’d prefer our customers to use this. We have threatened not to support their solution if they persist in manually changing data.

My query is, is there a technical way we can prevent access to the database from anything other than our application?

This is a sql server database, and our customers own the server and administer the DB server, So essentially we need a way to lock out SA.

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First things… you can’t:

    • lock out sa or sysadmin rights at all at the server level
    • lock out db_owner/dbo at the database level

    Now we’ve cleared that one up, who is accessing data directly?

    • If you mean end users are changing data, then you have a security issue: they should only be able to use the API and not even be able to connect.

    • If you mean sysadmin level users (eg DBAs or BOFH types) then there may be a legitimate reason. Does your API support all operations? As a DBA, I had to do open table surgery on badly written 3rd party apps now and then

    • If end users have sysadmin level rights, then you have a politics issue within the client company

    Edit:

    After comment by OP on their question… sysadmin users can disable triggers…

    • 0