"An outside vendor has developed a web based software application that my company is looking at using. They are telling us that they require SA access to SQL Server in order to install the software and perform updates. We have taken the position that SA access to SQL Server is something we cannot grant. I have recommended based on my Oracle knowledge and experience that we create the necessary database and then give them SA access to just that database, while creating a user that has the grant and create user privileges that they can use to do any required maintenance. They have come back and told us that they must have SA access to SQL Server. Can anyone here tell me what application based tasks would possibly require this level of access. Also, is it customary in the SQL Server world to grant this level of access to a vendor outside of you organization (I know in the Oracle world this is strictly not allowed for obvious security reasons, but I do not know if the SQL Server world is different). Any information you could provide would be greatly appreciated."
Do you have any comments? Visit our forum today!