
I have an Azure SQL database. Azure Security Center reports the vulnerability:

VA2108 - Minimal set of principals should be members of fixed high impact database roles.

Vulnerability Severity is "High" and Status is "Unhealthy".

It is pointing to principal "dbo".

CREATE USER [dbo] FOR LOGIN [mysqladmin] WITH DEFAULT_SCHEMA=[dbo]
GO

The vulnerability notification is based on:

SELECT user_name(sr.member_principal_id) AS [Principal]
    ,user_name(sr.role_principal_id) AS [Role]
    ,type_desc AS [Principal Type]
    ,authentication_type_desc AS [Authentication Type]
FROM sys.database_role_members AS sr
INNER JOIN sys.database_principals AS sp ON sp.principal_id = sr.member_principal_id
WHERE sr.role_principal_id IN (
        user_id('bulkadmin'),
        user_id('db_accessadmin'),
        user_id('db_securityadmin'),
        user_id('db_ddladmin'),
        user_id('db_backupoperator'))
    OR (sr.role_principal_id = user_id('db_owner')
        AND sr.member_principal_id <> user_id('dbo'))

I thought that the dbo principal with db_owner is automatically created.

What is actually wrong with this principal?

Kenny_I
  • Can you provide more details regarding the error you are getting? – MayankAvasthi-MT May 25 '22 at 11:57
  • No errors. Vulnerability Severity is "High" and Status is "Unhealthy" for principal dbo. Could it be a bug in Security Center? One db_owner is always required in Azure SQL? – Kenny_I May 25 '22 at 12:37
