Security - dbOwner permissions?!


Hi all

I'm working as a solution architect on a new installation of EPiServer CMS5 SP2 in the UK.

Our team has noticed that all database access in EPiServer is done using an account with the "dbowner" role - is this normal?! 

Database access in all our other applications (especially those exposed to the web) follows data security best practice - i.e. it is locked down to the absolute minimum permission level required for data retrieval so, should anyone compromise the web server, they can't drop database tables, delete data, access sensitive data etc.

Has any analysis work been done on database permissions?  Has anybody changed the default permission levels in EPiServer (and did it break anything?!)?

Ideally we want to know what database permissions should be allocated for various tasks within the application - e.g. editing a site, creating new pages, and most importantly simply reading a site as an end user.





Jul 02, 2008 17:38

Did you get anywhere with this? We are encountering the same problem. I will send a support ticket to try and get the answers to this.

Apr 19, 2012 1:19

Any luck on this one?

Oct 26, 2012 10:24
This thread is locked and should be used for reference only.