It’s 2011: Do you know where your SA credentials are?

re: It’s 2011: Do you know where your SA credentials are?

Davide Mauri — Tue, 12 Jul 2011 22:17:09 GMT

I like the option 3. Vendor must understand that as DBA is our duty check that security is not compromised in any way, ever. No way I'm going to enable "sa" anymore.

re: It’s 2011: Do you know where your SA credentials are?

Josh Feierman — Tue, 12 Jul 2011 23:15:31 GMT

Couldn't agree more here. I hate it when vendors are lazy and just demand blanket sysadmin rights. It's even more inexcusable to demand THE sa account.

I've sworn in front of people that if I ever own an ISV my software will make administrators (as well as business people) smile, not cringe.

re: It’s 2011: Do you know where your SA credentials are?

Peter — Wed, 13 Jul 2011 08:36:41 GMT

Have a look at Microsoft Dynamics CRM which needs the sysadmin role and to be in the local administrators group on the database server while a new organization database is created.

re: It’s 2011: Do you know where your SA credentials are?

eccentricDBA — Wed, 13 Jul 2011 12:44:12 GMT

I agree. My major issue is the number of products produced by Microsoft that does this. It would be great if someone would start a website that would document that rights required for these applications or at least list the applications the applications that either do things right or wrong. It would help when performing application selection.

Honestly, I would be a fan of saying any application that is "black" listed it is automatically removed during the application selection process.

re: It’s 2011: Do you know where your SA credentials are?

merrillaldrich — Wed, 13 Jul 2011 22:33:49 GMT

@Peter - I know, right? I've done that one. MS is also an offender, though less often.

re: It’s 2011: Do you know where your SA credentials are?

magasvs — Sun, 17 Jul 2011 15:49:51 GMT

Another Microsoft application that requires sysadmin role is SCCM.