Managing the 3rd Party sysadmin curse in Microsoft SQL Server

Originally Posted 8/28/2014

An issue that has always come up with 3rd party applications that run on top of SQL Server is their insatiable desire to have sysadmin role access to the instance they run on.  It is an issue I have dealt with for as long as I can remember.  Historically, the documentation would ask for the access, but when it came down to it we always found a way that they could get by with lesser permissions (i.e., db_owner and maybe throw in some permissions in msdb to manage jobs).  But lately, we have been seeing more and more applications that are building sysadmin role checks into their installers and not moving forward without it.  Microsoft even requires it for System Center Operations Manager and other products.

My team is a cautious bunch, and we try our best to use shared instances as much as we can to keep down costs (we run a density of about 25 databases per instance).  Which means we are spending more time these days tracing installs and negotiating with vendors on permissions on these 3rd party applications.

For those of you who came to this page looking for the silver bullet, I am sorry that is not the purpose of this post.  Instead, I am interested to here what you all have tried to manage this issue.  I but together a quick light hearted survey to try and see how most people are handling this issue.  I am also interested to hear if anyone has found a great way to deal with this issue.  The survey is hosted by SurveyMonkey.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s