SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 

SQL Server 2014 Best Practice: Set built-in Sysadmin(sa) account as an default owner of all databases on SQL Server instance

As we know, when we create database on SQL Server instance, SQL Server engine sets the login that created the database as the default database owner. This gives the user full control on the database, meaning he/she can do whatever they like on that particular database. According to the SQL Server security best practice document, we should grant login with the least amount of privileges. Therefore, it is recommended to set built-in sa account as an owner of all databases on SQL Server instance. This will make database and server more secure.

How to identify the ownership of the system and user databases on SQL Server instance?

You can use SQL Server Management Studio to view the database owner. Follow these steps to view the database owner using SQL Server 2014 Management Studio:

  • In SQL Server Management Studio, connect to an instance of the SQL Server Database Engine with Object Explorer.
  • In Object Explorer, right-click the database for which you want to check the database ownership, and then click Properties.
  • This opens the database property window, showing you the general database information and ownership details.

01

Alternatively, you can query sys.databases, as follows, to view the system and user databases on SQL Server instance:

02

As you can see, it is the quickest way to find the database owner.

How to change ownership of the user databases to sa?

To change the ownership of the user databases, you can use ALTER AUTHORIZATION Transact DCL command. The following example shows how you can change the ownership of AdventureWorks2012 database:

03

Note: Ownership of the system databases cannot be changed.

Below is the quick script I wrote, which can be used to identify the user database where the owner is not sa. This script also gives you ALTER AUTHORIZATION Transact DCL command for each database to transfer its ownership to sa account:

04

For more information, review SQL Server Security Best Practice white paper.


Basit's SQL Server Tips

Basit Farooq is a Lead Database Administrator, Trainer and Technical Author. He has more than a decade of IT experience in development, technical training and database administration on Microsoft SQL Server platforms. Basit has authored numerous SQL Server technical articles, and developed and implemented many successful database infrastructure, data warehouse and business intelligence projects. He holds a master's degree in computer science from London Metropolitan University, and industry standard certifications from Microsoft, Sun, Cisco, Brainbench, Prosoft and APM, including MCITP Database Administrator 2008, MCITP Database Administrator 2005, MCDBA SQL Server 2000 and MCTS .NET Framework 2.0 Web Applications.

Comments

Leave a comment on the original post [basitaalishan.com, opens in a new window]

Loading comments...