Lowest Database user permissions

Vote:
 

Which are the lowest permissions an episerver DB user must have?

I have tried to find this info. Is the lowest a "db owner"?

#283620
Jul 13, 2022 12:04
Vote:
 

As far as I remember yes the DB needs DB owner as it does schema migration

#283634
Jul 13, 2022 15:19
Vote:
 

If you allow specifically to change schema - then as @Scott mentioned - you have to run application with user who has quite high permissions on the database.

If you don't want to run with db_owner, another alternative is to run with db_datareader, db_datawriter, db_ddladmin. But that effectively almost the same as db_owner.

What we are experimenting with (knowing exact releases when there is new platform libraries update) - run an application with ordinary user (reader, writer permissions), and then upon schema change deployment - temporarily switch user with high permissions.

Another alternative - would be to do schema changes from dedicated application which is configured to access database with high permission user.

But not sure if this all is worth the hustle. It's better to focus on other security vulnerabilities that would prevent harm done to the system (like SQL injections can be executed also via the user with low permissions).

#283744
Jul 15, 2022 9:00
Scott Reed - Jul 15, 2022 9:11
Nice, a far more thorough and accurate answer than mine :-)
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.