SQL2-00-015600 - Database objects must be owned by accounts authorized for ownership.

Information

SQL Server database ownership is a high-level privilege that grants full rights to everything in that database, including the right to grant privileges to others. SQL Server requires that the owner of a database object be a user, and only one user can be the assigned owner of a database object. This minimizes the risk of unauthorized access by anyone other than the one individual who is the owner.

Within the database, object ownership implies full privileges to the owned object, including the privilege to assign access to the owned objects to other subjects. Unmanaged or uncontrolled ownership of databases can lead to unauthorized granting of privileges and database alterations.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Add and/or update system documentation to include any accounts authorized for object ownership and remove any account not authorized.

Reassign database ownership to the authorized database owner account:
Navigate to SQL Server Management Studio >> Object Explorer >> <'SQL Server name'> >> Databases >> right click <'database name'> >> Properties >> Files.
Select the new database 'Owner':
Click the [...] button next to Owner >> Select Database Owner >> Browse... >> check the box for the authorized account >> <'OK'> >> <'OK'> >> <'OK'>
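The same review and remediation can be scripted in T-SQL instead of clicking through SSMS. The following is an added example, not part of the STIG or the Nessus audit; the database name, schema name, object name and the authorized login are placeholders, and the list of authorized owners in the WHERE clause is a constructed stand-in for the accounts recorded in system documentation.

```sql
-- 1. Inventory: which login owns each database on the instance?
SELECT d.name              AS database_name,
       SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
ORDER BY d.name;

-- 2. Inventory inside one database: who owns each schema, and which user-created
--    objects resolve to an owner outside the documented, authorized set?
--    An object with a NULL principal_id inherits its schema's owner.
USE [PLACEHOLDER_DATABASE];

SELECT s.name AS schema_name, dp.name AS schema_owner
FROM sys.schemas AS s
JOIN sys.database_principals AS dp ON dp.principal_id = s.principal_id
ORDER BY s.name;

SELECT s.name AS schema_name,
       o.name AS object_name,
       o.type_desc,
       COALESCE(op.name, sp.name) AS effective_owner
FROM sys.objects AS o
JOIN sys.schemas AS s             ON s.schema_id = o.schema_id
JOIN sys.database_principals AS sp ON sp.principal_id = s.principal_id
LEFT JOIN sys.database_principals AS op ON op.principal_id = o.principal_id
WHERE o.is_ms_shipped = 0
  -- constructed authorized-owner list; replace with the documented accounts
  AND COALESCE(op.name, sp.name) NOT IN ('dbo')
ORDER BY schema_name, object_name;

-- 3. Remediation: move ownership back to an authorized principal.
--    Database owner (same effect as the Properties >> Files >> Owner dialog):
ALTER AUTHORIZATION ON DATABASE::[PLACEHOLDER_DATABASE]
    TO [PLACEHOLDER_DOMAIN\AuthorizedDbOwner];

--    Schema owner, so objects without an explicit owner inherit an authorized one:
ALTER AUTHORIZATION ON SCHEMA::[PLACEHOLDER_SCHEMA] TO [dbo];

--    An individual object that had an explicit, unauthorized owner:
ALTER AUTHORIZATION ON OBJECT::[PLACEHOLDER_SCHEMA].[PLACEHOLDER_OBJECT]
    TO SCHEMA OWNER;
```

Run the inventory queries first and compare the result against the system documentation required by the first step of the Solution; only rows whose effective_owner is absent from that list need the ALTER AUTHORIZATION statements. Reassigning to SCHEMA OWNER clears the object's explicit owner so future ownership reviews only have to track schema and database owners.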

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Rule-ID|SV-53935r2_rule, STIG-ID|SQL2-00-015600, Vuln-ID|V-41407

Plugin: MS_SQLDB

Control ID: 654a0479b9d23b2ee35560f2842d7e8b3c4d9f85ec95e98b81d19ed3eba24750