2

Let's say I am defining AD Admin for my Azure SQL Server instance -- then isn't 'Server Admin' redundant? Because if I have AD Admin defined, I don't see what is the use for having server admin. And we can have an Azure group be specified as AD Admin, so we can't necessarily say that server admin exists as a standby admin account in case AD admin leaves the organization, because precisely for that reason we can define an Azure group as AD Admin. Is there a way we can somehow remove (or not define) Server Admin?

huysmania
Dhiraj

1 Answer

2

It is not possible to remove or disable the SQL Server Admin. The mechanism that the Azure Subscription owners use to force their way into their own database is to reset the SQL Server Admin password from the Azure Portal.

The Azure Subscription Owner and the AAD SQL Admin identity have joint ownership of the Azure SQL Server. Either one needs to be able to re-acquire administrative access to the server.

One option you have is to assign the SQL Server Admin a strong password and forget about it. Do not use it and do not share it with anyone in the organization. Nobody will use it then.

Alberto Morillo
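One way to carry out the "strong password and forget about it" option from the answer above, as an added example that is not part of the original answer: the script generates a random password, checks it, sets it as the Server Admin password with the Azure CLI, and never prints or stores it. The resource group and server names are placeholders, the function names are hypothetical, and the complexity rule in `meets_policy` (8 to 128 characters, three of four character classes) is an assumption about the Azure SQL password policy.

```shell
#!/bin/sh
# Added example: set the Azure SQL Server Admin password to a random value
# that nobody ever sees. Recovery is still possible later through a
# password reset by a subscription owner, as the answer describes.

# Print a 64-character password: 60 random alphanumerics from /dev/urandom
# plus a fixed "Aa1-" suffix so every character class is always present.
gen_password() {
    raw=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    printf '%s%s\n' "$(printf '%s' "$raw" | cut -c1-60)" 'Aa1-'
}

# Return 0 if $1 satisfies the assumed policy: 8-128 characters and at least
# three of upper, lower, digit, symbol. Runs in a subshell so the locale
# override and variables do not leak into the caller.
meets_policy() (
    LC_ALL=C
    pw=$1
    classes=0
    [ "${#pw}" -ge 8 ] && [ "${#pw}" -le 128 ] || return 1
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    case $pw in *[!A-Za-z0-9]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge 3 ]
)

# Usage: rotate_and_forget <resource-group> <server-name>
# The password goes to az on its command line, so it is briefly visible to
# local process listings: run this from a trusted admin workstation.
rotate_and_forget() {
    rg=$1
    server=$2
    pw=$(gen_password)
    meets_policy "$pw" || { unset pw; return 1; }
    status=0
    az sql server update --resource-group "$rg" --name "$server" \
        --admin-password "$pw" --output none || status=$?
    unset pw    # drop the only copy; nothing is written to disk or stdout
    return "$status"
}

# Example call (placeholder names):
#   rotate_and_forget my-resource-group my-sql-server
```

After running it, the Server Admin login still exists, but no one holds its password.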