September 6, 2008 at 10:31 am
Can some one point me in the direction of Best practiices in for the SA account in a production environment? I was asked a the question of why can't we make all th databases in production owned by SA instead of a Windows account. Based on the idea that we want to lock down the SA account and use a NT Account for all adinistrative function including database ownership.
Warm Regards,
Arthur Lorenzini
Sioux Falls, SD
September 6, 2008 at 11:28 am
There are articles at SSC regarding db ownership.
e.g. http://www.sqlservercentral.com/articles/Advanced/understandingobjectownership/1966/
We don't use sa for login, but have all databases owned by sa.
All sysadmin stuff is being performed using our windows-admin-accounts. (dbas are member of a ad-group, that ad-group is being granted sysadmin for sqlserver and builtin\administrators is being revoked).
The only advantage of having a userid as actual db owner, is that that user is directly mapped to the dbo user of that db.
Meaning if that user issues a "create object ..." it is actually being created in the dbo schema.
Regular users being member of the databases db_owner group, wanting to create the same object, will have to issue a "create dbo.object ..." to get the same result.
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
September 6, 2008 at 8:14 pm
I'll second the advice above.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply