SQL Server – Does granting SA rights to a user in SQL compromise the OS?

sql-server-2008

I'm setting up a server that my company will be managing for one of our clients. This server runs an application that is managed by a 3rd party. We are responsible for the server and OS, and the 3rd party is responsible for the application and the MS SQL databases. I'm wondering, if the 3rd party is given SA rights to SQL, whether this will allow them any sort of control over the OS side. SQL is not my forte. We would be using Server 2008 R2 with MS SQL Server 2008.

Thanks.

Best Answer

sysadmin rights allow the use of things like xp_cmdshell and the sp_OA% stored procs, which can affect the underlying OS, but it depends on the service account used.

If you limit the service account permissions (e.g. not local system, not local admin and certainly not domain admin) then it's pretty much OK. The SQL installer limits the permissions of the service account during install; of course, this assumes you don't escalate permissions yourself.
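
As an added example (not part of the original answer), the following read-only T-SQL audit shows who holds sysadmin on the instance and the state of the two OS-reaching features the answer names. It assumes a login that can view server-level metadata and uses only catalog views; the service account itself is read on the OS side, from the Services console or SQL Server Configuration Manager.

```sql
-- Added audit example; not from the original answer. Read-only.
USE master;

-- 1. Logins and Windows groups that hold the sysadmin role.
--    A Windows group listed here extends sysadmin to every member of it.
SELECT  m.name       AS member_name,
        m.type_desc  AS member_type,
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2. Current state of xp_cmdshell and the sp_OA% procedures.
--    enabled = 1 means the feature is on. A sysadmin can switch either one
--    on with sp_configure, so enabled = 0 does not contain a sysadmin;
--    the service account's OS rights are what bound the impact.
SELECT  name,
        CAST(value_in_use AS int) AS enabled
FROM    sys.configurations
WHERE   name IN (N'xp_cmdshell', N'Ole Automation Procedures');

-- 3. Explicit permissions on those procedures in master, which show
--    whether principals outside sysadmin have been given access to them.
SELECT  pr.name            AS grantee,
        o.name             AS procedure_name,
        pe.permission_name,
        pe.state_desc
FROM    sys.database_permissions AS pe
JOIN    sys.all_objects          AS o  ON o.object_id = pe.major_id
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE   pe.class = 1
  AND  (o.name = N'xp_cmdshell' OR o.name LIKE N'sp[_]OA%')
ORDER BY o.name, pr.name;
```

Commands run through xp_cmdshell by a sysadmin execute under the SQL Server service account, so the first result set is effectively the list of people who can act on the OS with that account's rights.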