Creating New Databases on SQL 2005 best practices

Question

Creating New Databases on SQL 2005 best practices

kevball2

Grasshopper

Points: 15
More actions
May 4, 2009 at 11:55 am

#384498

I have a quick question on new DB creation, our SQL DBA's are wanting to use the SA account to create new DB's for the SQL 2005 cluster. is this MS best practice or should they be using the login created for them in the instance (sysadmin)
thanks in advance from the newb!
Kevin

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply

Alex Prusakov Ten Centuries Points: 1154 More actions · Answer 1

Best practice: never ever use sa for anything. Password for that account should be saved in the safe and no one can use it for any purpose but true emergency.

Alex Prusakov

kevball2 Grasshopper Points: 15 More actions · Answer 2

Alex,

Thanks for the quick reply. The DBA's i work with are more oracle DB's the SQL :(. they requested access to the SA account because they believe that it should be used for administrative tasks. would have happen to have a link or article that would debunk this belief, i have found several on securing the SA account but none in regards to the use of SA versus a login that has been made Sysadmin for the specific DB in question (or for DB creation).

Alex Prusakov Ten Centuries Points: 1154 More actions · Answer 3

Any user within sysadmin role is able to do the same as sa. This is usual misconception. Good luck 🙂

Alex Prusakov

kevball2 Grasshopper Points: 15 More actions · Answer 4

excellent information Alex,

a more personal question on my quest for knowledge, as we lack SQL dbas, i will be shortly going to training on SQL and right now aiming for SQL 2008 training. would there be any reason not to go that route? From what i have read, 2008 builds on the 2005 architecture but generally is the same. just more improvements. Again thanks for the information!

Kevin

Jeff Moden SSC Guru Points: 1004279 More actions · Answer 5

kevball2 (5/4/2009)
I have a quick question on new DB creation, our SQL DBA's are wanting to use the SA account to create new DB's for the SQL 2005 cluster. is this MS best practice or should they be using the login created for them in the instance (sysadmin)
thanks in advance from the newb!
Kevin

Heh... wait a minute, now. WHICH SA account? The one for SQL Server or the one for the Windows Server?

I'll probably get lot's of flack for it, but if you have DBA's that you can't trust with the SA account, then either you absolutely paranoid or you need to get DBA's you can actually trust. Just DBO privs are just going to hog tie good DBA's.

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)