Trustworthy Bit

Applies to: SQL Server

This rule determines whether the dbo role for a database is assigned to the sysadmin fixed server role and the database has its trustworthy bit set to ON.

If these conditions are met, a privileged database user can elevate privileges to the sysadmin role. In this role, the user can create and run unsafe assemblies that compromise the system.

Best Practices Recommendations

Turn off the trustworthy bit or revoke sysadmin permissions from the dbo database role.

For More Information


See Also

Monitor and Enforce Best Practices by Using Policy-Based Management