Originally Posted 8/28/2014

An issue that has always come up with 3rd party applications that run on top of SQL Server is their insatiable desire to have sysadmin role access to the instance they run on.  It is an issue I have dealt with for as long as I can remember.  Historically, the documentation would ask for the access, but when it came down to it we always found a way that they could get by with lesser permissions (i.e., db_owner and maybe throw in some permissions in msdb to manage jobs).  But lately, we have been seeing more and more applications that are building sysadmin role checks into their installers and not moving forward without it.  Microsoft even requires it for System Center Operations Manager and other products.

My team is a cautious bunch, and we try our best to use shared instances as much as we can to keep down costs (we run a density of about 25 databases per instance).  Which means we are spending more time these days tracing installs and negotiating with vendors on permissions on these 3rd party applications.

For those of you who came to this page looking for the silver bullet, I am sorry that is not the purpose of this post.  Instead, I am interested to here what you all have tried to manage this issue.  I but together a quick light hearted survey to try and see how most people are handling this issue.  I am also interested to hear if anyone has found a great way to deal with this issue.  The survey is hosted by SurveyMonkey.