The application owners (typically business people) shouldn't have any 
permissions to do anything of the sort...

DBAs would make the changes, and this should be caught in Dev/Test prior to Prod

Cheers
Ken

From: David Lum [mailto:david....@nwea.org]
Sent: Saturday, 1 December 2012 1:14 AM
To: NT System Admin Issues
Subject: RE: SQL account management

Thanks guys! What drove this question is the app owner deleted a SQL account 
that they had realized had other dependencies on it, but this checks and 
balances if operating both ways would have caught it.

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Friday, November 30, 2012 5:51 AM
To: NT System Admin Issues
Subject: RE: SQL account management

I agree with this approach,

Usually this is a default build where service accounts are created and the SQL 
services are installed with the dedicated Windows accounts running the services.

As for SQL Server accounts, I would recommend if possible do it by Global 
Groups, instead of regular SQL accounts, but if you had to, the approach given 
by Brian is definitely on par.

Data/Business process owners specify the permissions that need to be granted 
to users and the DBAs (Data Custodians) implement them.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

From: Brian Desmond [mailto:br...@briandesmond.com]
Sent: Thursday, November 29, 2012 6:33 PM
To: NT System Admin Issues
Subject: RE: SQL account management

I'd expect a checks and balances type process here - app owner (business) 
approves access changes implemented by DBAs (IT).

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c - 312.731.3132

From: David Lum [mailto:david....@nwea.org]
Sent: Thursday, November 29, 2012 4:35 PM
To: NT System Admin Issues
Subject: SQL account management

For those of you with sizable environments, who manages SQL Server accounts? 
DBAs, or the application owners whose application uses the SQL account?
David Lum
Sr. Systems Engineer // NWEA™
Office 503.548.5229 // Cell (voice/text) 503.267.9764


