Re: Not using SA - Then what?

From: Richard Waymire [MS] (rwaymi_ms@microsoft.com)
Date: 05/31/02 

From: "Richard Waymire [MS]" <rwaymi_ms@microsoft.com>
Date: Fri, 31 May 2002 11:48:15 -0700

Actually this isn't quite correct. The users CAN create objects as
dbo.objectname but it won't happen by default. Only the one and only dbo
user will have that happen by default. 

--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Chris Beardsley" <clb39@nospam-cornell.edu> wrote in message
news:OGJyYINCCHA.1544@tkmsftngp02...
> > You can add developers to the db_owner role and use Windows
> > authentication.
> > Any objects they create will be owned by dbo.
> This is the morsel of information I was seeking.  But it sounds to me like
I
> have much more to learn about good security practices... Sue's point of
> using a template for building objects and your (Linda's) point about
having
> them build the objects then someone with the proper credentials impliment
> the code through query analyzer sounds like a solid framework for security
> and quality assurance. Now - any idea where I can begin reviewing sample
> templates ; ) ?
>
> Thank you both for your input. Sue - and thank you for some of your other
> responses which I also gained knowledge from.
>
> Chris
>
> "lindawie" <lindawie@my-deja.com> wrote in message
> news:uX#FsiLCCHA.2656@tkmsftngp05...
> > Chris,
> >
> > > I have read that people should not be using SA for anything. How then
> > > do I have multiple developers/managers login to enterprise manager
> > > etc but have all the objects owned by dbo (we each have diff NT
> > > logins)? If SA is stored in clear text in some situations, wouldn't
> > > all uid/pswrd combo's appear in clear text?
> > >
> > > We have wrestled with people making and therefore owning objects, and
> > > causing headaches in the past...
> >
> > Change the SA password and don't give it to anyone.
> >
> > You can add developers to the db_owner role and use Windows
> > authentication.
> > Any objects they create will be owned by dbo.
> >
> > A much better approach is to have developers write scripts to create all
> > objects and then you execute the scripts either in Query Analyzer or
> > in batch using osql.
> >
> > Linda
> >
> >
>
>

Relevant Pages

  • Re: User table updates are recorded as dbo instead of userid
    ... developers will be identified as dbo in every database. ... Remove the developers from the local computer Administrators group, ... Developers having sysadmin permissions? ... 2) sysadmin role members and 3) dbo aliases. ...
    (microsoft.public.sqlserver.security)
  • Re: User table updates are recorded as dbo instead of userid
    ... all Developers are also ... up as dbo when updating tables? ... 2) sysadmin role members and 3) dbo aliases. ...
    (microsoft.public.sqlserver.security)
  • Re: User table updates are recorded as dbo instead of userid
    ... If all developers are members of BUILTIN\Administrators, and BUILTIN\Administrators is a member of the sysadmin group, then all developers will be identified as dbo in every database. ... Developers having sysadmin permissions? ...
    (microsoft.public.sqlserver.security)
  • Re: Not using SA - Then what?
    ... > do I have multiple developers/managers login to enterprise manager ... You can add developers to the db_owner role and use Windows ... Any objects they create will be owned by dbo. ... A much better approach is to have developers write scripts to create all ...
    (microsoft.public.sqlserver.security)
  • Re: Not using SA - Then what?
    ... > authentication. ... >> etc but have all the objects owned by dbo (we each have diff NT ... > You can add developers to the db_owner role and use Windows ... > A much better approach is to have developers write scripts to create all ...
    (microsoft.public.sqlserver.security)