March 27, 2019 at 10:50 am
I know it's not a good practice to share SA account password with developers. However, application configuration needs sa account. Is there any alternate solution?
March 27, 2019 at 10:57 am
In my experience, applications do not usually need sa rights. This sort of request, really just means that the application team has not done any sort of permissions testing. For 90% of these applications, they really only need dbo rights on their database. Ask the developers, or vendor, what action the application is doing that needs sa access. You may be able to grant that separately (such as creating SQL Agent jobs).
March 27, 2019 at 11:30 am
Admingod - Wednesday, March 27, 2019 10:50 AMI know it's not a good practice to share SA account password with developers. However, application configuration needs sa account. Is there any alternate solution?
You usually want to disable the sa account. So if it's disabled that won't work for whatever they think they need.
And as already posted, rarely does a vendor or application need this. Find out what they need to do rather than have them tell you what permissions you should give them. Usually they don't know what permissions they need and just say "give me sysadmin" because it's easier for them to do that than figure out what permissions are needed.
Sue
March 27, 2019 at 11:53 am
Admingod - Wednesday, March 27, 2019 10:50 AMI know it's not a good practice to share SA account password with developers. However, application configuration needs sa account. Is there any alternate solution?
Do they require 'sa' account - or are they asking for sysadmin? If they are specifically asking for the sa account - then follow up with them and find out why they need a specific account. If they are asking for sysadmin - then follow up with them and ask them what they are doing that requires that level of access.
Even those that say they require db_owner access - they don't really need that level either. In most cases, they tried to do something - got an error - set the permission to db_owner or sysadmin and since that 'solved' the problem they never followed up on the actual requirements.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
March 27, 2019 at 1:33 pm
Admingod - Wednesday, March 27, 2019 10:50 AMI know it's not a good practice to share SA account password with developers. However, application configuration needs sa account. Is there any alternate solution?
Yes... Step 1 is to buy a 5 gallon bucket of frozen pork chops, a 3 banded Wrist Rocket, some good rope, and a straight-back sturdy wooden chair ... 😉
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply