Solved

sysadmin role risks

Posted on 2014-04-16
Last Modified: 2014-04-16
Can anyone give a management-friendly summary of what a user can do with sysadmin privileges on a SQL server (aside from accessing all data)? I am trying to identify the risks and put forward a case for revoking such access, as there seems to be a significant number of users with this role permission. So a good list of potential problems that a malicious user with these permissions could cause would be most welcome.
Question by:pma111

Accepted Solution

by:
Carl Tawn earned 500 total points
ID: 40003514
Anyone with sysadmin rights can do anything they want; they have full, unrestricted administrative rights over the SQL server. It would be a very bad idea to give that level of permissions to anybody who didn't need it.

Non-exhaustive list:

Create/alter/drop any security object (users, roles, etc)
Create/alter/drop any database, database object, agent job
Create/alter/drop security certificates, encryption keys
Backup/restore/overwrite any database
Modify any server settings
Set up/remove mirroring, replication, log shipping

The list goes on...
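To put numbers behind a case for revoking access, the query below lists who currently holds this level of control. It is an added example, not part of the original question or answer; it goes slightly beyond the thread by also reporting logins granted CONTROL SERVER, which gives comparable server-wide control, and the login name in the commented revoke statement is a placeholder.

```sql
-- Added example (not from the original thread): inventory of logins with
-- server-wide administrative control. Run as a login that can view
-- server-level metadata (e.g. an existing sysadmin).

-- 1) Direct members of the sysadmin fixed server role.
SELECT
    m.name                 AS login_name,
    m.type_desc            AS login_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    m.is_disabled,
    m.create_date,
    m.modify_date,
    'sysadmin role member' AS granted_via
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'

UNION ALL

-- 2) Logins granted CONTROL SERVER outside the role.
SELECT
    p.name,
    p.type_desc,
    p.is_disabled,
    p.create_date,
    p.modify_date,
    'CONTROL SERVER permission'
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W')                -- GRANT or GRANT WITH GRANT OPTION
ORDER BY granted_via, login_type, login_name;

-- After review, membership is removed per login. Placeholder name shown;
-- this syntax needs SQL Server 2012 or later (older versions use
-- sp_dropsrvrolemember).
-- ALTER SERVER ROLE sysadmin DROP MEMBER [PLACEHOLDER\login_name];
```

A WINDOWS_GROUP row means every member of that Windows group inherits the access, so the real head count can be larger than the row count; `xp_logininfo` with the `'members'` option expands a group.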
