May 4, 2009 at 11:55 am
I have a quick question on new DB creation, our SQL DBA's are wanting to use the SA account to create new DB's for the SQL 2005 cluster. is this MS best practice or should they be using the login created for them in the instance (sysadmin)
thanks in advance from the newb!
Kevin
May 4, 2009 at 2:08 pm
Best practice: never ever use sa for anything. Password for that account should be saved in the safe and no one can use it for any purpose but true emergency.
Alex Prusakov
May 4, 2009 at 2:32 pm
Alex,
Thanks for the quick reply. The DBA's i work with are more oracle DB's the SQL :(. they requested access to the SA account because they believe that it should be used for administrative tasks. would have happen to have a link or article that would debunk this belief, i have found several on securing the SA account but none in regards to the use of SA versus a login that has been made Sysadmin for the specific DB in question (or for DB creation).
May 4, 2009 at 2:36 pm
Any user within sysadmin role is able to do the same as sa. This is usual misconception. Good luck 🙂
Alex Prusakov
May 4, 2009 at 2:52 pm
excellent information Alex,
a more personal question on my quest for knowledge, as we lack SQL dbas, i will be shortly going to training on SQL and right now aiming for SQL 2008 training. would there be any reason not to go that route? From what i have read, 2008 builds on the 2005 architecture but generally is the same. just more improvements. Again thanks for the information!
Kevin
May 4, 2009 at 6:07 pm
kevball2 (5/4/2009)
I have a quick question on new DB creation, our SQL DBA's are wanting to use the SA account to create new DB's for the SQL 2005 cluster. is this MS best practice or should they be using the login created for them in the instance (sysadmin)thanks in advance from the newb!
Kevin
Heh... wait a minute, now. WHICH SA account? The one for SQL Server or the one for the Windows Server?
I'll probably get lot's of flack for it, but if you have DBA's that you can't trust with the SA account, then either you absolutely paranoid or you need to get DBA's you can actually trust. Just DBO privs are just going to hog tie good DBA's.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply