login with 'sa' or a specific login ?

  • Hi!

    I have a question : are there advantages in using a specific user,created for instance for me, or is the 'sa' login enough for everything?

    I'm asking this because where I work I use the sa login, and I recently observed that some databases, that are used by everybody, have as owner the ex-dba.

    And I'm asking myself if there are advantages in using my own login, or to continue using the 'sa'

    I hope I'm clear...

    Thanks

  • For security purposes it is recommended that sa have a very strong password and that the account is not used by anyone.

    If you have a Windows Domain the recommended practice is to used Windows Authentication and create logins based on Windows accounts and then assign those logins the appropriate permissions.

    If you need sa rights then you should create a login for your Windows account and put that login in the sysadmin server role or in 2005 and above grant it CONTROL SERVER rights.

    Some folks even recommend have a separate login that you use only when doing sa type activities and have another login you use when doing development or just querying the server.

  • sa = "system administrator"

    If you use it at all, use it for that purpose, and nothing else.

    Otherwise, you can end up leaving your database open to all kinds of security issues.

    I recommend Windows Domain security. Gives you the most control with the least work.

    - Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
    Property of The Thread

    "Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply