Unfortunately, the real answer here is, Microsoft assumes you are abusing the dbo user if you have not yet created any service principle or standard user without drop/create/alter privileges. So just go create a random user whether or not you need it yet and give that user db_datareader role only, or no role at all.
VA1143 - 'dbo' user should not be used for normal service operation
Hi Team,
I got below Vulnerabilities for the Azure SQL Managed Instance. Could you please provide the remediation for the VA ?
VA1143 - 'dbo' user should not be used for normal service operation
2 answers
Sort by: Most helpful
-
-
Alberto Morillo 33,426 Reputation points MVP
2023-03-08T16:57:17.8366667+00:00 The VA rules suggests the following:
"Create users with low privileges to access the DB and any data stored in it with the appropriate set of permissions."
Make sure you use the "least privilege principal" approach. Give users permissions that are absolutely necessary. Make sure they do not have ALTER database permissions. Make use of Database Roles and assigned users to them. Make sure "dbo" is restricted to administrators only.