Solved

sysadmin risks

Posted on 2014-12-04
3
94 Views
Last Modified: 2014-12-19
1) we are trying to risk assess what the potential issues would be if a malicious user got hold of an account with sysadmin permissions. Every article I read says "anything", but I was hoping someone could give some examples on the type of thing a malicious user could do if they got sysadmin.

2) who genuinely needs sysadmin permissions, what types of task require sysadmin, to help verify if the current assignment is reasonable.
0
Comment
Question by:pma111
3 Comments
 
LVL 35

Accepted Solution

by:
Kimputer earned 250 total points
ID: 40480350
1) If a malicious user got sysadmin, they could indeed to everything on the MS SQL server, reading/deleting/writing ALL databases, including system db/user db

2) Only the real sysadmin (or admin group) needs it. The highest of the highest IT or database person.  The rest of the people don't really need it. Even developers don't need it. You just assign the fulll rights to the database they're working on.

If the same password of "sa" is used as the server administrator password, then the malicious user can take over the whole server.
0
 
LVL 49

Assisted Solution

by:Vitor Montalvão
Vitor Montalvão earned 250 total points
ID: 40480425
"anything" means really anything. From deleting, inserting or updating data or creating, deleting and modifying objects or databases to creating or deleting users and changing passwords or stop the SQL Server service or even uninstalling the SQL Server.

That's why who should have sysadmin rules should be only the DBA's. They are the right people to administering and maintaining a SQL Server instance.
0
 
LVL 69

Expert Comment

by:Scott Pletcher
ID: 40481115
When SQL Server checks permissions for a login/user, it first checks for sysadmin authority.  If that authority is present, no other permission checks are ever done, since sysadmin has full authority.  That is why it is "everything" -- SQL will run any command for a sysadmin without any security checks.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
I have a large data set and a SSIS package. How can I load this file in multi threading?
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question