I agree with this approach,
Usually this is a default build where service accounts are created and the SQL services are installed with the dedicated windows accounts running the services. As for SQL server accounts, I would recommend if possible do it by Global Groups, instead of regular SQL accounts, but if you had too the approach given by Brian is definitely on par. Data/Bussiness process owners specify the permissions that need to be granted to users and the DBA's (Data Custodians) implement them. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization [email protected] From: Brian Desmond [mailto:[email protected]] Sent: Thursday, November 29, 2012 6:33 PM To: NT System Admin Issues Subject: RE: SQL account management I'd expect a checks and balances type process here - app owner (business) approves access changes implemented by DBAs (IT). Thanks, Brian Desmond [email protected] <mailto:[email protected]> w - 312.625.1438 | c - 312.731.3132 From: David Lum [mailto:[email protected]] Sent: Thursday, November 29, 2012 4:35 PM To: NT System Admin Issues Subject: SQL account management For those of you with sizable environments, who manages SQL server accounts? DBA's, or the application owners whose application uses the SQL account? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
