Security with SQL backups
Is it possible to accomplish all of the following:
1) have an IT person perform SQL backups and/or have them scheduled to run
2) that IT person cannot know the sa password
3) that same IT person cannot have read/write permission on the database
4) the database cannot be restored without entering a password
So far, I have thought of:
1) make the IT person a member of the db_backupoperator,db_denydatareader
and db_denydatawriter groups
2) you can add the PASSWORD option when running the BACKUP DATABASE command.
However, since the person performing the backup must enter the password,
then nothing is stopping him from copying the backup to another server over
which he has full control, restoring it and viewing the data.
I also realize that there are 3rd party applications that can do this.
Can someone either provide some details how this can be done with using SQL
Server exclusively or with the 3rd party tools?
Thanks for reading.