The ultimate goal of implementing least privilege is reducing the permissions of user and service accounts to the absolute minimum required. Doing this can be difficult and requires considerable planning. This section focuses on this goal from four perspectives:
Separating Windows and database administrator privileges
Reducing the permissions of the SQL Server service accounts
Using proxies and credentials to limit the effective permissions of SQL Server Agent jobs
Using role-based security to simplify and tighten permissions management
Let's begin with a contentious issue: separating and limiting the permissions of DBAs and Windows administrators.
Removing the local ...