6.3. Implementing least privilege

The ultimate goal of implementing least privilege is reducing the permissions of user and service accounts to the absolute minimum required. Doing this can be difficult and requires considerable planning. This section focuses on this goal from four perspectives:

  • Separating Windows and database administrator privileges

  • Reducing the permissions of the SQL Server service accounts

  • Using proxies and credentials to limit the effective permissions of SQL Server Agent jobs

  • Using role-based security to simplify and tighten permissions management

Let's begin with a contentious issue: separating and limiting the permissions of DBAs and Windows administrators.

6.3.1. Windows and DBA privilege separation

Removing the local ...
