RE: Who should have Sysadmin rights?

SSCrazy Eights

Points: 8992

March 11, 2019 at 7:43 am

#2024088

Len.Geoghegan - Monday, March 11, 2019 7:18 AM
Seems to me that a user should have access with minimum privileges through standard login, and a separate unique account with elevated privileges. No one should share an account, unless there's some way to limit use of that account to one person at a time and track which person had it for how long - with a new, time-limited password for each request. Otherwise it would be difficult to tell who used the SysAdmin account to drop the production database.

Totally agree. I would have normal logins for everyone, then have specific admin accounts for each person that's accountable for admin access. Sharing an account, especially administrative accounts, allows too much anonymity and doesn't hold each individual accountable.

LinkedIn: http://www.linkedin.com/in/sqlrv
Twitter: http://www.twitter.com/sqlrv
Website: http://sqlrv.com