sql server sa account disable

NeophyteSQL 241 Reputation points
2020-08-25T00:48:10.26+00:00

I am working on renaming and disabling the sa account
the sa account has been renamed to sa_tmp
the dbo user on all databases now show they are associated with the login sa_tmp
if I disable the login, how should I handle all the schemas owned by the user dbo in the respective databases.
should I transfer the schemas from dbo to a different user.
thanks a lot

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,998 questions
0 comments No comments
{count} votes

9 answers

Sort by: Most helpful
  1. tibor_karaszi@hotmail.com 4,311 Reputation points
    2020-08-25T14:04:11.287+00:00

    I understand that. It doesn't invalidate anything I said. If you change the ovner of the database to somebody else than sa, then the schema vill be owner by dbo, but dbo will no longer point to sa.

    0 comments No comments

  2. NeophyteSQL 241 Reputation points
    2020-08-25T15:03:57.44+00:00

    Tibor,

    Thanks for your answer.

    However I understand the database owners ,the database owners can be a different login. the schemas of the database are owned by dbo, do they need to be transferred to some other login so sa is not used indirectly.

    0 comments No comments

  3. Tom Phillips 17,741 Reputation points
    2020-08-25T20:21:21.163+00:00

    Let me be perfectly clear.

    You do not need to do anything to the database owner or schema owner. Everything will work just fine when you disable "sa_tmp". The user must exist, not be "enabled".

    0 comments No comments

  4. Erland Sommarskog 112.7K Reputation points MVP
    2020-08-25T22:04:09.327+00:00

    thanks , is it ok for schemas inside the databases to be owned by dbo, and dbo user in turn is related to the sa login

    The dbo schema must be owned by dbo. Other schemas do not have to be, but you would only change the schema owner if there is a special reason.

    The database on the other hand is a different story. It is not good practice to have it owned by a sysadmin account. As Tibor says, my recommendation is that you create a unique SQL login which only exists to own that database. If the database is called Telephones, the login would be Telephone$owner or something like that. That login would be disabled and not granted any permissions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.