Blitz Result: Database Owners <> SA

When databases are created, the owner defaults to whoever created it.  This ownership gives the creator additional permissions, and this can be a problem in a locked-down secure environment where we need to honor the principle of least privilege.

This part of our SQL Server sp_Blitz script checks sys.databases looking at the owners.  It was contributed by Ali Razeghi.

To Fix the Problem

If you want to make SA the owner on a database, run this T-SQL command:

ALTER AUTHORIZATION ON DATABASE::ReplaceThisWithYourDatabaseName to sa;

After the change, your server will be more secure – but users may be accustomed to doing things they no longer have permission to do.  Check with the former database owner to make sure everything continues to work.

Return to sp_Blitz or Ask Us Questions