sysadmin role risks

can anyone give a management freindly summary of what a user can do with sysadmin priveleges on a SQL server? (aside from access all data). I am trying to identify the risks and put forward a case for revoking such access as there seems a significant number of users with this role permission. So a good list of potential problems that a malciois user with these permissions could cause would be most welcome.
LVL 3
pma111Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Carl TawnConnect With a Mentor Systems and Integration DeveloperCommented:
Anyone with sysadmin rights can do anything they want, they have full unrestricted administrative rights over the SQL server. It would be a very bad idea to give that level of permissions to anybody who didn't need it.

Non-exhaustive list:

Create/alter/drop any security object (users, roles, etc)
Create/alter/drop any database, database object, agent job
Create/alter/drop security certificates, encryption keys
Backup/restore/overwrite any database
Modify any server settings
Setup/remove mirroring, replication, log shipping

The list goes on.....
0
All Courses

From novice to tech pro — start learning today.