Security in SQL Server 2005: What can your DBA access?

Great question today after the launch event in Cork!

Part of my demo of the more granular security model of SQL Server 2005 involved showing how only one user had access to a symmetric key that was used to decrypt credit card information. 

I was asked if it's possible to prevent the DBA (database administrator) from having the ability to decrypt certain data stored in the database.  That would facilitate a scenario that this Partner had in mind that would allow their organization to deploy a highly sensitive database.

The SQL Server 2005 team very thoughtfully (and rapidly!) came back with this great article summarizing Security in SQL Server 2005 and beyond.

Short answer: yes.  And if you're curious, read the article, it's great!

 

P.S. I really enjoyed having dinner last night with Robert Scoble, Tom Raftery and the other bloggers after the highly successful and engaging IT @ Cork event - more on that soon, but first, dinner!