Post reply

Regarding SQL accounts

  • December 17, 2015 at 7:38 pm

    #307119

    Hi All,

    I have about 4-5 databases currently and each is accessed using different sql accounts from asp.net windows/web applications.

    We are migrating to sql server 2008 r2 and I have few queries regarding sql accounts

    My Question:

    > Does it impact the sql server if same account is being used to access all the databases?.

    > Is it a good design to have separate sql user id for each DB.

    Any suggestions/pointers, would be helpful.

    Regards.

  • December 18, 2015 at 1:58 am

    #1846709

    It all comes down to how you want to manage security?

    Can you allow the same account to connect to all databases? Does this pose a security risk to your company?

    If one account is compromised then it can access all the data.

    In the lights of recent high profile data breaches you need to define what is right for your company, one account per DB or one account for all DBs.

  • December 18, 2015 at 5:52 am

    #1846739

    Thanks for your reply, I understand from security point of view. So design wise it wont affect SQL server if one account for all the databases.

  • December 18, 2015 at 6:49 am

    #1846753

    GonnaCatchIT (12/18/2015)

    Thanks for your reply, I understand from security point of view. So design wise it wont affect SQL server if one account for all the databases.

    No, it won't. A single login can have users in multiple databases. Like Anthony said, it comes down to how you want to manage your security.

    Having a login that has any permissions to any database is a security risk, meaning that it enables the data to be accessed. It's a necessary risk, but a risk nonetheless. Security is about managing and minimizing risk. What risk is acceptable is up to you and your management to decide.

    Tally Tables - Performance Personified
    String Splitting with True Performance
    Best practices on how to ask questions

  • December 18, 2015 at 9:17 am

    #1846817

    I'd have a login for each app, or each logical separation of activity in an app. That way a change in the password doesn't break the app.

    Would I allow this login to access multiple databases? Perhaps. I'd look at it as I'd look at a person. If they need access to multiple systems, we grant their login access. However if there are potentially privileged systems, or places where we would some firebreak if there is an issue, we give them a second login.

    Same here.

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply