How can I protect Enterprise Server databases from unauthorized access by the server administrator?

The Password Depot Enterprise Server includes an embedded super administrator account (“admin”) with a special function – the password of this account is used to physically encrypt databases in the server storage. By default, the “admin” account can also be used to grant other users access to all server databases. This security model provides a robust and secure method of storing databases on the server and prevents situations that there is no user having a valid permission to access or manage a database on the server.

In some cases, the Enterprise Server may require a configuration where the super administrator (“admin”) or a Server Administrator of a specific department should not be able to access or manage databases of another department. The solution for this problem is using a custom password for such databases. To set or change a custom password for a database, a Server or Database Administrator needs to login to the Server Manager and open the properties of the database:

Go to the “Advanced” tab, click the button Security-> Change settings and open the dialog box “Change Database encryption settings”. If the database is already protected with a custom password, you will have to enter the existing password first in order to change it afterwards and type in a new password.

If the database has not been protected with a custom password yet, select “Custom password (Automatic access to permissions management)”, enter a new password, and confirm it in the “Confirm password” field below:

After encrypting and saving the database successfully, access to the database management will only be possible after entering the correct password. Moreover, other users having access to the database files in the server storage will not be able to open additionally encrypted databases without knowing the correct custom password.