I did a Vulnerability Assessment for my database today. I found VA2108 and it suggests me to
ALTER ROLE [db_owner] DROP MEMBER [dbo]
But it's the default setting of any SQL instance.
Should I go for it? And is there any risk?
Thanks
SQL Server – Should dbo Be Dropped from Database Role db_owner
azure-sql-databaseSecuritysql servervulnerability-assessment
Related Question
- Sql-server – How to enable a SQL Server 2012 login to create, alter and drop the created databases
- SQL Server Permissions – How to Allow Developers to View Query Plan Without Running Trace
- SQL Server – db_owner Role Cannot Create Stored Procedures
- SQL Server Snapshot Creation – Why db_owner or sysadmin is Required
- Sql-server – how to determine why I cannot drop a schema
- Sql-server – The EXECUTE permission was denied on the object ‘SPROC’, database ‘DATABASE’, schema ‘dbo’
- SQL Server – Deny DDL_ADMIN Permissions to a Role on [dbo] Schema
- Azure SQL – Should db_owner Role be Provided to Web App User
Best Answer
Don't worry about it, as J.D. says.
In fact, you cannot drop dbo from db_owner. There's a hard-wired blocker in the engine prohibiting you to do so. Try and you get the error: