EDIT: Upon further research, it looks like this is a bad question. I 'replied' below with an explanation of why. I would delete this question if I knew how.
We are migrating from SQL Server 2008 R2 to SQL Server 2019. A consultant did the initial work of setting up the new server, and now it's my turn to do the final part of the migration. In doing general research on best practices, I found that the Login for the "dbo" user in *User* databases should not be an individual account nor the sa account. At least that's what I have gathered.
What I'm wondering about is the 'dbo' user for the *System* databases. The consultant set the Login for the system dbo user to 'sa' (or maybe 'sa' was the default?). Using 'sa' seems to be discouraged, but the consultant also disabled the 'sa' Login and I've seen positive remarks about using a disabled account for the Login belonging to the 'dbo' User.
The Question: Is using a disabled 'sa' account for the 'dbo' user for System databases a secure strategy? Are we likely to experience any problems doing it this way? Is there a different industry standard?
As an alternative, I was thinking that I could re-set the Login for the dbo users in the system databases to the Login I'm using for our User databases. For our User databases, the dbo user is mapped to a Window's Authenticated Login. The Window's Authenticated Login is mapped to a *group* Active Directory account, to which myself and other DBAs/programmers belong. Would it be better to switch the dbo's Login for system databases to the same group Active Directory account we are using for the User databases? Or maybe it doesn't really matter?
I'm more of an accidental DBA, because there's no one else to do it. I apologize if this is a dumb question. I really did try to research it, but I couldn't find anything mentioning the dbo's of System databases and the current mapping to the 'sa' Login doesn't feel right to me. Thank you for your thoughts. 🙂
- This topic was modified 2 years, 5 months ago by JJ B. Reason: Need to clarify that this is a bad question after all