2 comments on “Database Owner? What user owns your database?
  1. What’s wrong with SA as a DBOwner if it has a complex password (stored in safe) and no SQL admin is using SA (because the don’t know the password)? The advantage of SA is that it will never go away, every other login can be deleted.

    • SteveStedman SteveStedman says:

      Wilfred, thanks for the question. I realized that I didn’t cover that very well. I added the following paragraph to the post after reading your question.

      It is possible for a non-admin to get security escalation using a database that is owned by sa, even if the sa account is disabled. There is a really great article written by Raul Gonzales that describes exactly how to do this. http://www.sqlservercentral.com/articles/Security/121178/

      Hope this helps.

      -Steve

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Time limit is exhausted. Please reload CAPTCHA.