Could there ever be a valid reason why users with access to an application (driven by a backend SQL Server database) would be granted an account that is sysadmin in the underlying database?
We have a basic ASP.NET application, and 2 users log in to the system (to set up new accounts/add permissions to existing accounts) who have accounts which, when you look in SQL, have sysadmin accounts. Could the need to set up new accounts in this application mean they need an account with sysadmin permissions on the underlying DB, or is this excessive?
Everything more than these rights should be justified.