This blog is not about avoiding logging in using the sa login. Hopefully we all know about this, and work towards avoidning this practice.
Instead I want to talk about using sa, but not to login (authenticate), but as owner for jobs and databases. I want keep these thing de-individualized – so we avoid things like person A leaving the company and we don’t dare to remove that login/Windows account. We can of course create some SQL login or Windows login especially for this purpose and use that. But sa is already there. Another advantage is that sa always has the same sid number (makes moving databases across instances a bit easier).
The way Agent work is that if the owner is member of sysadmin server role, then it won’t attempt any imersonation for the job steps. I.e., Agent won’t use SETUSER (2000 and earlier) or EXECUTE AS USER = (2005 or later). This means that Agent will never actually authenticate using sa (Agent will always authenticate using a Windoes authentication – and then verify that it is sysadmin). I.e., we can change password for sa, disable sa, or even run in Windows Only mode.
And, just to be obvious: If the job should be owned by some individual, in order for operating in a proper security context, then we should use that individual as owner and not sa!
How do you handle job and database ownership? Do you have situations where the owner does matter, details?
Andreus Wolters wrote a great post on database ownership and least privilege.
https://www.insidesql.org/blogs/andreaswolter/2014/06/sql-server-database-ownership-survey-results-recommendations
I have started to create SQL Logins named after the database, and disabled the SQL Account. Then I make it the database owner to prevent exactly what Andreus is referring to.
Can’t miss ‘trực tiếp gà chọi c1’! Need my live action fix. Hope this site delivers the goods! Watch it trực tiếp gà chọi c1.
Bombing fishing, huh? That sounds like some seriously explosive fun! I gotta give it a try. Wish me luck! Dive in with bombing fishing!
Alright y’all, gk88slot is where it’s at for slots. Seriously, some great games and jackpots on offer. Stumbled upon it, and very happy with my find. See if you like it at gk88slot.
I’ve been browsing bw777 today and wanted to say its pretty good. Take a moment and check it out at bw777.
Masayacasino’s customer service is actually pretty good. Had an issue with a withdrawal and they sorted it out quick. That’s a big plus in my book. See for yourself: masayacasino.
Downloaded the f66app the other day. Pretty smooth performance, no annoying crashes so far. If you like playing on your phone, this might be for you. Grab it here: f66app
Alright alright alright, xsmn247me caught my eye. I’ve been digging it. Give it a gander and see what you think by clicking xsmn247me.
Yo, heard about h555gamedownload. The download process was quick and easy. The games they offer are pretty cool. I’ve been spending a bit of time there. If you need a new game to download might want to check it out. Go here: h555gamedownload.
Ah77 is pretty coolio. I’m gonna keep it real. Very intuitive navigation: ah77
Betpkrdownload was super quick and painless. Got it up and running in no time. Happy camper here! Get it right here: betpkrdownload