• GilaMonster (8/9/2014)


    sqlfriends (8/8/2014)


    But my question is why bother to grant all these permissions, but just grant this account the db_owner role. Because it pretty much needs all the permissions: read, write, and execute.

    And permission to change the schema, drop tables, add users, add permissions, drop the database. None of which your application probably needs.

    Principle of Least Privilege. An app's login should have the minimum permissions it needs to do its job and nothing else.

    For me, that means that the app login has no privs other than PUBLIC and the privs to execute certain stored procedures.

    Of course, in real life, we never reach that particular bit of security Nirvana. Instead, we end up catering to people that don't understand and spending proverbial mega-bucks on things like penetration testing. :pinch:

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
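The db_owner shortcut from the question beside the "PUBLIC plus EXECUTE on specific procedures" setup the replies describe, as an added T-SQL example that is not code from anyone in the thread. The database name, login, schema, table, and procedure are assumed for illustration.

```sql
-- Added example (not from the thread). Names below are assumed.
USE AppDb;
GO

-- Weak: one statement, and the app can now alter schema, drop tables,
-- add users, grant permissions, and drop the database.
CREATE USER AppUser FOR LOGIN AppLogin;
ALTER ROLE db_owner ADD MEMBER AppUser;
GO

-- Corrected: take the role away and grant only what the app calls.
ALTER ROLE db_owner DROP MEMBER AppUser;
GO
-- A dedicated schema, owned by dbo, holds the procedures the app may run.
CREATE SCHEMA app AUTHORIZATION dbo;
GO
CREATE TABLE dbo.Orders (OrderId int PRIMARY KEY, CustomerId int, Total money);
GO
CREATE PROCEDURE app.usp_GetOrder @OrderId int AS
    SELECT OrderId, CustomerId, Total
    FROM dbo.Orders
    WHERE OrderId = @OrderId;
GO
-- The procedure reads dbo.Orders, but because schema app and table owner
-- are both dbo, ownership chaining applies: the caller needs EXECUTE on the
-- procedure and no SELECT on the table itself.
GRANT EXECUTE ON SCHEMA::app TO AppUser;
GO

-- Check: impersonate the app user and confirm the effective permissions.
EXECUTE AS USER = 'AppUser';
SELECT * FROM fn_my_permissions('app.usp_GetOrder', 'OBJECT'); -- EXECUTE only
SELECT * FROM fn_my_permissions('dbo.Orders', 'OBJECT');       -- no permissions listed
SELECT IS_MEMBER('db_owner') AS is_db_owner;                   -- 0
EXEC app.usp_GetOrder @OrderId = 1;                            -- runs
REVERT;
```

New procedures added to dbo rather than app stay out of the app's reach until they are deliberately placed in the app schema, which keeps the grant list from growing by accident.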