Changing DB ownership to sa account for all databases not SA

As we know, when we create database on SQL Server instance, SQL Server engine sets the login that created the database as the default database owner. This gives the user full control on the database, meaning he/she can do whatever they like on that particular database. According to the SQL Server security best practice document, we should grant login with the least amount of privileges. Therefore, it is recommended to set built-in sa account as an owner of all databases on SQL Server instance. This will make database and server more secure.

How to identify the ownership of the system and user databases on SQL Server instance?

You can use SQL Server Management Studio to view the database owner. Follow these steps to view the database owner using SQL Server 2014 Management Studio:

In SQL Server Management Studio, connect to an instance of the SQL Server Database Engine with Object Explorer.
In Object Explorer, right-click the database for which you want to check the database ownership, and then click Properties.
This opens the database property window, showing you the general database information and ownership details.


Below is the quick script I wrote, which can be used to identify the user database where the owner is not sa. This script also gives you ALTER AUTHORIZATION Transact DCL command for each database to transfer its ownership to sa account:



USE [master];
GO

SELECT [name] AS [DBName], SUSER_SNAME( [owner_sid] ) AS [ExistingOwner]
,N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME( [name] ) + ' TO '
+ QUOTENAME((SELECT [name] FROM [sys].[sql_logins] WHERE [sid] = 0x01)) AS [ScriptToChangeDBOwner]
FROM [sys].[databases]
WHERE [database_id] > 4
AND [owner_sid] <> 0x01
AND [state_desc] = 'ONLINE';
GO

Comments

Post a Comment

Popular posts from this blog

How to mass update all or some sql server agent job step commands

How to mass update all or some sql server agent job step and commands using TSQL.   This will use the built-in Replace function to search text in SQL agent jobs  SQL Agent Job information is stored in MSDB and can reviewed using some of the following queries: SELECT * FROM msdb.dbo.SysJobs SELECT * FROM msdb.dbo.SysJobSteps -- OR SELECT a.name as job_name, b.step_name, b.subsystem, b.command, b.database_name, a.enabled       ,a.description, a.date_created, b.job_id, b.step_id   FROM [dbo].[sysjobsteps] as b   INNER JOIN sysjobs as a ON a.job_id = b.job_id Since I will be focusing on the Commands column I will look at using this query to extract data into a temp table so that I can test any updates with the replace step before doing an update to MSDB. This would be your opportunity to archive or save any commands as needed.  Some people may prefer to generate all the syntax necessary to use EXEC sp_update_jobstep so you a...
Read more

SQL Monitoring for Blocking and Locking Capture and Log to table with sp_WhoIsActive or sp_BlitzWho

Image
You can use  sp_WhoIsActive or sp_BlitzWho and log the capture data to a table.   In my example I will use sp_whoisactive as I am more familiar with its use and data collection, however I will look at creating a future post using BlitzWho.  I will provide a few examples that were used to determine that the paid SQL monitoring products can be fancy tools but can be useless if you don't understand the basic concepts or even an understanding of how we capture similar data or in some cases more finely tuned to a specific scenario or use case.  Sometimes these paid solutions are incorrect or things can simply go wrong (Services Fail to start or the data is aggregated and misses something like the query commands and SQL Fragments) and it's always good to plan ahead and be prepared.   Sp_WhoIsActive is a procedure written by Adam Machanic. It can be found here:  sp_whoisactive downloads Sp_BlitzWho is a procedure written by the Brent Ozar team....
Read more

SQL Server General Index Naming Convention

SQL Server General Index Naming Convention  easy to follow:  PK_ for primary keys PK_  Primary Keys, which are logical constructs and not necessarily physical constructs, get tagged with a PK_ prefix. In most systems that I design the PK_ isn’t a clustered index.  IX_ for non clustered non unique indexes IX_  standard single or even multi-column indexes used for seeks or intersection just get prefixed with an IX_ (for  I nde X ). In cases where I need a composite index (i.e., multiple columns) but still explicitly ‘tolerate’ key/bookmark lookups, I’ll still call my seek/intersection/composite indexes IXes. UK_ for unique keys UK_  for unique key index UX_ for unique indexes UX_  for unique index. CLIX_ for Clustered Index (non PK) CLIX_  (non-PK) Clustered Index name is prefixed with CLIX (for  CL ustered  I nde X ) Additionally, I like to code all Create Indexes in SQL 2012 and above with an if not ...
Read more