Product has been added to your cart.

Poll: Can Your DBAs Read the Data?

Brent Ozar
Production Database Administration

It’s a simple question: can your database administrators read all of the data in all databases?

  • Yes
  • Yes, but we trust them not to – as in, we’ve got written policies in place, and they know they’re not supposed to go poking around in the payroll tables or the human resources database
  • Yes, if they bypass tech restrictions – like we’ve encrypted the data, but the DBA could technically log in with the app’s login or certificate and decrypt stuff they’re not supposed to see, or get access to our key vaults, or create a new login and then delete it afterwards
  • No, it would be impossible – the decryption keys are held in systems they can’t get access to, or they don’t have the capability to create users in those systems, the data is never copied into unencrypted systems like data warehouses, etc.

Take the poll here and view the results here.

I’ve turned comments off for this blog post because I know there’s gonna be a firestorm of people who wanna put long, drawn-out text responses with all kinds of gotchas and clarifications. Not gonna happen here, pardner, and don’t bother trying to get my attention on social media about this either – I’m gonna ignore it. I can already imagine all your “but but but” responses, and I’m not into but stuff – at least, not with you.

I’ll follow up with the results in a week, and comments will be enabled on that post.

Previous Post
Want Me to Train You & Your Coworkers Privately?
Next Post
[Video] Building a Brand By Sharing Your Work
Brent Ozar

Hi! I’m Brent Ozar.

I make Microsoft SQL Server go faster. I love teaching, travel, cars, and laughing. I’m based out of Las Vegas. He/him. I teach SQL Server training classes, or if you haven’t got time for the pain, I’m available for consulting too.

Get Free SQL Stuff

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Name*
Things I want*