Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

sysadmin role risks

Posted on 2014-04-16
1
Medium Priority
?
684 Views
Last Modified: 2014-04-16
can anyone give a management freindly summary of what a user can do with sysadmin priveleges on a SQL server? (aside from access all data). I am trying to identify the risks and put forward a case for revoking such access as there seems a significant number of users with this role permission. So a good list of potential problems that a malciois user with these permissions could cause would be most welcome.
0
Comment
Question by:pma111
1 Comment
 
LVL 52

Accepted Solution

by:
Carl Tawn earned 2000 total points
ID: 40003514
Anyone with sysadmin rights can do anything they want, they have full unrestricted administrative rights over the SQL server. It would be a very bad idea to give that level of permissions to anybody who didn't need it.

Non-exhaustive list:

Create/alter/drop any security object (users, roles, etc)
Create/alter/drop any database, database object, agent job
Create/alter/drop security certificates, encryption keys
Backup/restore/overwrite any database
Modify any server settings
Setup/remove mirroring, replication, log shipping

The list goes on.....
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question