2.5 Ensure the SharePoint setup account is configured with the minimum privileges on the SQL server - db_owner

Information

The SharePoint setup account must be configured with the minimum privileges on the SQL server.
Rationale:
Configuring the SharePoint setup account with only the minimum necessary privileges on the SQL server helps reduce the risks related to account misuse. When excessive roles are given to any SQL server account, the potential impact of actions performed through that account increases. Malicious actions performed through a compromised account under an attacker's control, or even honest mistakes by valid users, can have devastating consequences, depending on the roles and privileges given.

Solution

1. Launch SQL Server Management Console and navigate to Security > Logins.
2. Select the SharePoint Setup User account.
3. Click on Server Roles and check only dbcreator and securityadmin.
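
The same check can be run as a query. The T-SQL below is an added example, not part of the benchmark text: it compares the login's fixed server roles against the two roles named in step 3. The login name CONTOSO\sp_setup is a placeholder assumption; replace it with the actual setup account.

```sql
-- Added example: audit server role membership of the SharePoint setup login.
-- Assumption: N'CONTOSO\sp_setup' is a placeholder for the real login name.
DECLARE @login sysname = N'CONTOSO\sp_setup';

IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @login)
    RAISERROR(N'Login %s was not found on this instance.', 16, 1, @login);

-- Roles the Solution section says should be the only ones checked.
WITH expected(role_name) AS (
    SELECT N'dbcreator' UNION ALL
    SELECT N'securityadmin'
),
-- Roles the login is a direct member of. The implicit "public" role is
-- not listed in sys.server_role_members, and roles inherited through a
-- Windows group login do not appear here; audit those groups separately.
actual(role_name) AS (
    SELECT r.name
    FROM sys.server_role_members AS m
    JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.server_principals AS l ON l.principal_id = m.member_principal_id
    WHERE l.name = @login
)
SELECT COALESCE(a.role_name, e.role_name) AS server_role,
       CASE
           WHEN a.role_name IS NULL THEN 'MISSING'    -- expected, not granted
           WHEN e.role_name IS NULL THEN 'EXCESSIVE'  -- granted, not expected
           ELSE 'OK'
       END AS finding
FROM actual AS a
FULL OUTER JOIN expected AS e ON e.role_name = a.role_name
ORDER BY finding, server_role;
```

A compliant account returns exactly two rows, both marked OK; any EXCESSIVE row (for example sysadmin) is a role to remove.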

See Also

https://workbench.cisecurity.org/files/2031

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CSCv6|5.1

Plugin: MS_SQLDB

Control ID: 9b239ce84c1b01115c3e10ef36389e76f12f1f0e4b7a7f9a02d634c893691e34