I am interested to know if there is a way to hide the information in a
specific column in my table. SQLServer 200. Something like a password
protection where you only see *****. I have a DBA but want to hide salary
information from him that is stored in the database.
Any suggestions
Thanks
Elmo

"elmo" <elmo@.delphisure.com> wrote in message
news:hvKdnVvTd7D5Dv_cRVn-tg@.is.co.za...
> Hi,
> I am interested to know if there is a way to hide the information in a
> specific column in my table. SQLServer 200. Something like a password
> protection where you only see *****. I have a DBA but want to hide salary
> information from him that is stored in the database.
> Any suggestions
> Thanks
> Elmo
This isn't possible - a member of the sysadmin role can access all data in
all databases. You can encrypt/decrypt the sensitive information in your
client application using whatever encryption API is available, then just
store the encrypted value in the database table:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=22
Simon

I have exactly the same issue.
Our security person wants an audit on all 'select' on 4 tables
containing sensitive data.
Any idea how we can manage to do this?

"Praim Sankar" <praimnath.sankar@.cogeco.com> wrote in message
news:329c4589.0410051245.41ad320b@.posting.google.com...
>I have exactly the same issue.
> Our security person wants an audit on all 'select' on 4 tables
> containing sensitive data.
> Any idea how we can manage to do this?
One way would be to run a trace, filtered on object name and SELECT. Or
there are commercial products for auditing purposes, such as this one (which
I've never used):
http://www.lumigent.com/products/entegra_sql.html
However, it would be extremely difficult to prevent a determined
administrator from viewing the data - he can disable auditing briefly,
restore a backup to another server without auditing etc. So any technical
solution needs a 'human' part too, ie. good staff, and a clear policy on
data access.
Simon
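
The trace approach suggested in the reply above, sketched as a server-side trace using SQL Server 2000's `sp_trace_*` procedures. This is an added example, not code from any of the posters: the table names `Salary` and `Bonus` and the folder `C:\Audit` are assumptions, and the filter matches on statement text rather than on a resolved object name.

```sql
-- Added example. Salary and Bonus are hypothetical table names;
-- C:\Audit is an assumed folder that must exist and be writable by the
-- SQL Server service account.
DECLARE @rc int, @TraceID int, @maxsize bigint, @on bit
SET @maxsize = 50   -- MB per file before rollover
SET @on = 1

-- Option 2 = TRACE_FILE_ROLLOVER. The server appends .trc to the name.
EXEC @rc = sp_trace_create @TraceID OUTPUT, 2, N'C:\Audit\sensitive_tables', @maxsize, NULL
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed, return code %d', 16, 1, @rc)
    RETURN
END

-- Event 12 = SQL:BatchCompleted (ad hoc queries)
-- Event 45 = SP:StmtCompleted (statements run inside stored procedures)
-- Columns: 1 = TextData, 8 = HostName, 11 = LoginName, 14 = StartTime
EXEC sp_trace_setevent @TraceID, 12, 1,  @on
EXEC sp_trace_setevent @TraceID, 12, 8,  @on
EXEC sp_trace_setevent @TraceID, 12, 11, @on
EXEC sp_trace_setevent @TraceID, 12, 14, @on
EXEC sp_trace_setevent @TraceID, 45, 1,  @on
EXEC sp_trace_setevent @TraceID, 45, 8,  @on
EXEC sp_trace_setevent @TraceID, 45, 11, @on
EXEC sp_trace_setevent @TraceID, 45, 14, @on

-- Filter on TextData (column 1): comparison operator 6 = LIKE;
-- logical operator 0 = AND, 1 = OR
EXEC sp_trace_setfilter @TraceID, 1, 0, 6, N'%Salary%'
EXEC sp_trace_setfilter @TraceID, 1, 1, 6, N'%Bonus%'

EXEC sp_trace_setstatus @TraceID, 1   -- 1 = start
SELECT @TraceID AS TraceID            -- needed later: status 0 = stop, 2 = close

-- Review after stopping the trace:
-- SELECT StartTime, LoginName, HostName, TextData
-- FROM ::fn_trace_gettable(N'C:\Audit\sensitive_tables.trc', DEFAULT)
-- WHERE TextData LIKE N'%select%'
```

Because the filter is a text match, it records any statement that mentions those names, not only SELECT, and it misses reads that go through a view with a different name. A server-side trace also does not survive a service restart, so it has to be recreated at startup.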
 