Correct way to disable login for SA account??

DisabledLivesMatter 141 Reputation points
2021-07-12T12:23:10.95+00:00

We need SA to be database owner but reduce potential security issues.
I've been told one thing to do is to disable the login permission for the SA account.
However, in looking this up I'm confused...everything is t-sql code and it's not clear whether to use deny or revoke...
Is it possible to do this in SSMS and if so how??
Thank you, Tom

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,585 questions
0 comments No comments
{count} votes

Accepted answer
  1. Robbie Varn 346 Reputation points
    2021-07-12T18:40:23.597+00:00

    There are two ways to disable the "sa" account. One way, in SSMS, is to right click on the login and select properties>status>Login: disabled. Another way is via t-sql, with this command: "Alter Login [sa] disable". The sa account can still own the databases but yet still be disabled.

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. DisabledLivesMatter 141 Reputation points
    2021-07-12T18:50:35.597+00:00

    Thank you for replying...I knew it had to be something simple, but not exactly what/how.
    It was confusing when I read about disable vs deny vs revoke etc. etc.
    This is just what I needed.
    Thank you, :) tom

    0 comments No comments

  2. Cris Zhan-MSFT 6,601 Reputation points
    2021-07-13T02:05:36.797+00:00

    Hi,

    Welcome to Microsoft Q&A!

    >It was confusing when I read about disable vs deny vs revoke etc. etc.

    Disabling a login means that this account is not allowed to connect\login to the server. Disabling a login does not affect the behavior of logins that are already connected.

    Disabled logins retain their permissions and can still be impersonated.The sa account can still be the owner of databases, agent jobs, etc.

    Deny and Revoke respectively represent the deny of permission to a principal and removing a previously granted or denied permission, which are operations on user permissions.

    Best Regards,
    Cris


    If the answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments