I have a question regarding MSSQL2008R2. I'm responsible for conducting security scanning and assessments; I am not a DBA, so please bear with me. When using Tenable Nessus to scan the database, a series of scripted files are used to review pre-defined configurations, and scanning requires use of the sysadmin role, which is recommended by Tenable. The problem is that I'm starting to get flak because I have access to the actual data, so here are my questions:
Using Center for Internet Security CIS Microsoft SQL Server 2008 R2 Database 11-16-2012 as your guide... or a DBA who knows better...
a) Can my end goal to fully assess the DB be achieved via another role, with less access?
b) "Assuming" the database is configured correctly per standard, will db logging and auditing capture any attempt to access the data?
c) Can a role be created that will allow me to achieve my goals and if so, what would you recommend?
Thank you all in advance for your help and I look forward to any responses that may help.
Donald