Call to action: What do you own?2
April 29, 2020 by Kenneth Fisher
You restored that database, did you remember to change the owner or is it still you? How about that job over there? Or this schema? Have you granted a permission in your name? Or heck, did you know you can own an availability group?
Turns out you can own, accidentally or on purpose, a fair number of objects (and non-objects) within SQL Server. Why do you care? Well, it turns out that you won’t be working where you are forever. Eventually you will leave. Hopefully voluntarily under good terms (retirement anybody?). Regardless, you’ll be leaving, and your Id will be removed from the system. Now, the person after you has to deal with all of the errors that can (and will) be caused by your Ids removal from the network. Not to mention the pain of removing your information from SQL that can occur when you own all kinds of stuff.
It’s ok though, you hate your co-workers. Causing them some difficulty doesn’t bother you at all. Ok, lets shift this a bit. What do they own? I mean you hate them for a reason right? They may be leaving before you so you don’t want them causing you any more grief than they already do.
Regardless, this is my call to action. What do you own? What do your co-workers own? Who should actually own these objects? In some cases it might be sa, in others it might be an Id (possibly a SQL Id, possibly an AD service account) created specifically to own these objects. Now is a good time to find them, because finding out when a series of mission critical jobs start failing a few days after your beloved co-worker’s retirement is not a good time.
Category: Microsoft SQL Server, Security, SQLServerPedia Syndication | Tags: Microsoft SQL Server, security
2 thoughts on “Call to action: What do you own?”
Leave a Reply Cancel reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
I always try to keep an eye on this but I have see a lot of people miss this specially on backup restore. I would point out 1 time there was a owner dB tied to security to a specific sql user, it was a weird setup but changing owner broke the security.
That would be interesting to see. I haven’t seen a case where I couldn’t change the owner eventually.