http://weblogs.asp.net/bdill/archive/tags/Security/default.aspxTags: SecurityenCommunityServer 2007 SP1 (Build: 20510.895)http://weblogs.asp.net/bdill/archive/2009/01/21/who-owns-your-databases.aspxWed, 21 Jan 2009 19:36:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:6851978MuteThis0http://weblogs.asp.net/bdill/rsscomments.aspx?PostID=6851978http://weblogs.asp.net/bdill/archive/2009/01/21/who-owns-your-databases.aspx#comments<P mce_keep="true">Right now we have owners set to whoever creates the databases for most databases, but&nbsp;there are a few owned by sa.&nbsp; I'm thinking how great it would be to consolidate this.&nbsp; To this end, I've created a database owner domain account and added it as a SQL server login.&nbsp; The login only has the public server role.&nbsp; In a move common with things I typically do, going overboard, I have denied this accounts ability to connect to the server and disabled it.</P> <P mce_keep="true">So far things seem to be going smoothly.&nbsp; One thing to note is that if you are planning on using unsafe clr assemblies the owner will need to have unsafe permissions....</P> <P mce_keep="true">This seems like a fairly secure database owner setup to me.&nbsp; I mentioned it to someone and he asked if we just had a security problem...&nbsp; No, that's the point, we don't want one.&nbsp;&nbsp;What do you think?</P> <P mce_keep="true">If things work out, we'll be looking for a way to automatically set the owner.&nbsp; I'm guessing it'll need to be a server level trigger, because I don't see anything in model that let's you assign a default owner...</P> <P mce_keep="true">Feedback greatly appreciated.</P><img src="http://weblogs.asp.net/aggbug.aspx?PostID=6851978" width="1" height="1">SQL ServerSecurity