Ken Grissom-138180 (3/4/2015)
Thanks for the information.
But that raises a question for me.
If we are not to use the TRUSTWORTHY with SA access, what about the MSDB? Since Microsoft has set the MSDB to TRUSTWORTHY and ownership is 'SA', does that pose similar security risks? Should one change ownership of MSDB to a non-privileged account? I am confused since Microsoft says not to alter the ownership of system databases.
Generally speaking, you should not change any settings on system databases (not speaking of tempdb or model though), but bear in mind that privilege escalation is a combination of factors, which are:
- Database ownership with high privileges
- TRUSTWORTHY ON
- And what is also required is to have database users who are members of the db_owner database group, which can impersonate [dbo]

Without any of those, escalation is not possible (by using impersonation).
So as long as you don't have any user in the db_owner (and I don't see a reason why you should in msdb database), you're absolutely fine.
Hope that clears things for you.