14,501 questions
I am having sysadmin privileges on SQL instance but i want to revoke the access on XYZ database only.
Simple answer you cannot. A sysadmin will have full access on all the SQL Server objects and resources.
Restrict Sysadmin login access for specific database
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 0%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
Nirvesh Kumar
1
Reputation point
How to restrict sysadmin login(like: DBA Team member) access for any specific database.
eg: I am having sysadmin privileges on SQL instance but i want to revoke the access on XYZ database only.
Could you please help.
Thank you!!
Best Regards,
Nirvesh Kumar
SQL Server | Other
3 answers
Sort by: Most helpful
-
Shashank Singh 6,251 Reputation points2020-10-09T12:50:53.993+00:00 -
Thomas LaRock 81 Reputation points2020-10-09T14:28:36.667+00:00 For most scenarios, the answer is "no", because as a sysadmin you would have the ability to undo whatever restrictions were put into place.
However, if you are trying to restrict access to a specific column, for example, then the answer is "yes". You could use Always Encrypted on a column and not share the client certificate with that team member. They would only ever be able to see the encrypted values. You can test this yourself by viewing the AdventureWorks2016CTP3.Sales.CustomerPII column. It's encrypted, and you will never see the decrypted data unless the developer at Microsoft that deployed AdventureWorks2016CTP3 gives you the column master key.
HTH
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 78%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECZ%3C/text%3E%3C/svg%3E)
Cris Zhan-MSFT 6,661 Reputation points2020-10-12T03:08:18.41+00:00 Hi @Nirvesh Kumar ,
>>eg: I am having sysadmin privileges on SQL instance but i want to revoke the access on XYZ database only.
You cannot restrict sysadmin login access for specific database. The sysadmin role members have irrevocable administrative privileges on all server databases and resources.
Server and Database Roles in SQL Server
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
Cris Zhan-MSFT 6,661 Reputation points
2020-10-15T08:25:42.273+00:00 HI @Nirvesh Kumar ,
Is there any update on this case?
If the answer is helpful, please click "Accept Answer" and upvote it.
Sign in to comment -