SQL SA account

Idea created by scott.davies on Apr 7, 2019
    Reviewed by Product Management
    Score0


    Hi Guys,

    Our dbas are up in arms against providing the SQL sa account password for Blackboard.

    They go on to say:

    "It is against our ICT policy! The 'sa' login is supposed to be disabled. It is also against best practice to use the 'sa' login for installation(s) especially vendor applications. 'sa' login has full access to ALL SQL Server configurations and enable changes. The vendor product installer should only have Create DB and DBOwner access for the database it is creating. possibly DDLAdmin or securityAdmin if it defines security for the database it is creating. It is just lazy practice to use 'sa' or or sysadmin access for a vendor product install.

     

    If this was a highly secure environment (including dev/syt/uat) the use of 'sa' would be banned or you would have to get authorisation at the highest level to enable it's use for a vendor installation."

     

    It would be great if on prem installs would not use the sa account for installs / upgrades.

    Thanks,

    Scott

    Product Version (if applicable):