sysadmin risks

1) We are trying to risk assess what the potential issues would be if a malicious user got hold of an account with sysadmin permissions. Every article I read says "anything", but I was hoping someone could give some examples of the type of thing a malicious user could do if they got sysadmin.

2) Who genuinely needs sysadmin permissions, what types of task require sysadmin, to help verify if the current assignment is reasonable.
Kimputer commented:
1) If a malicious user got sysadmin, they could indeed do everything on the MS SQL server, reading/deleting/writing ALL databases, including system db/user db.

2) Only the real sysadmin (or admin group) needs it. The highest of the highest IT or database person. The rest of the people don't really need it. Even developers don't need it. You just assign the full rights to the database they're working on.

If the same password of "sa" is used as the server administrator password, then the malicious user can take over the whole server.
Vitor Montalvão, MSSQL Senior Engineer, commented:
"anything" means really anything. From deleting, inserting or updating data or creating, deleting and modifying objects or databases to creating or deleting users and changing passwords or stopping the SQL Server service or even uninstalling the SQL Server.

That's why only the DBAs should have the sysadmin role. They are the right people to administer and maintain a SQL Server instance.
Scott Pletcher, Senior DBA, commented:
When SQL Server checks permissions for a login/user, it first checks for sysadmin authority.  If that authority is present, no other permission checks are ever done, since sysadmin has full authority.  That is why it is "everything" -- SQL will run any command for a sysadmin without any security checks.
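
For the second question (verifying whether the current sysadmin assignment is reasonable), here is an added example that is not part of the original thread or any participant's answer: T-SQL that inventories who holds sysadmin, using the standard catalog views. Including CONTROL SERVER grants and the password-policy check is an assumption about what the review should cover.

```sql
-- Added example: inventory of sysadmin-level access on one instance.
-- Run as a login that can see all server principals (e.g. a DBA).

-- 1. Direct members of the sysadmin fixed server role.
SELECT  m.name        AS login_name,
        m.type_desc   AS login_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
        m.is_disabled,
        m.create_date,
        m.modify_date,
        CASE WHEN m.sid = 0x01 THEN 1 ELSE 0 END AS is_builtin_sa  -- sa keeps SID 0x01 even if renamed
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2. Principals granted CONTROL SERVER: close to sysadmin in effect,
--    but invisible if you only review role membership.
SELECT  p.name        AS grantee,
        p.type_desc   AS grantee_type,
        sp.state_desc AS grant_state
FROM    sys.server_permissions AS sp
JOIN    sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE   sp.class_desc      = N'SERVER'
  AND   sp.permission_name = N'CONTROL SERVER'
  AND   sp.state_desc IN (N'GRANT', N'GRANT_WITH_GRANT_OPTION');

-- 3. SQL-authenticated sysadmin logins and whether password policy applies.
--    An enabled row with is_policy_checked = 0 deserves a closer look,
--    especially the built-in sa account.
SELECT  l.name,
        l.is_disabled,
        l.is_policy_checked,
        l.is_expiration_checked,
        l.modify_date
FROM    sys.sql_logins AS l
WHERE   IS_SRVROLEMEMBER(N'sysadmin', l.name) = 1
ORDER BY l.name;
```

Rows of type WINDOWS_GROUP in the first result grant sysadmin to every member of that group, so the group's membership has to be reviewed in Active Directory or the local machine as well.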