June 25, 2014 at 12:36 pm
While going through a monthly security check I noticed that a user account that is the owner of one database in the server and granted the server role of dbcreator is showing up as db_owner of all newly created databases on the server. This account has no business having permissions to any other data on the server especially since it is a 3rd party application account. I have tried removing the dbcreator role and testing but that did not work. What am I missing?
Thanks
June 25, 2014 at 12:58 pm
Never mind, I found out why. Somehow, that user was placed into the model database as an owner. As a result, the model's structure was applied to every new database that was created thereby granting that user db_owner.
June 25, 2014 at 3:58 pm
Nice job figuring it out. And thanks for posting the solution so anyone else who finds the question knows what you did to solve it.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
June 26, 2014 at 6:53 am
Thank you, much appreciated.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply