SQL Server provides various security roles to manage access and permissions within the database. One such role is the securityadmin fixed server role, which allows users to manage security-related tasks. However, there are certain considerations and potential vulnerabilities associated with this role that users should be aware of.
In SQL Server 2000, the securityadmin role had limited privileges and couldn’t perform actions such as making a login a member of the sysadmin role or granting equivalent permissions to sysadmin role membership. However, with the introduction of SQL Server 2005, granular permissions were introduced, including the CONTROL SERVER permission.
Members of the securityadmin role in SQL Server 2005 and onwards have the ability to ALTER ANY LOGIN and GRANT/REVOKE any server level permission. This means that a member of the securityadmin role can effectively create a login with sysadmin level rights. While this attack vector is mentioned in the SQL Server Books Online (BOL), it may not be explicitly clear.
It is important to understand that if someone is a member of the securityadmin role, they should be considered a member of the sysadmin role as well. If there are audit requirements that restrict sysadmin rights, simply limiting the user to the securityadmin role is not sufficient. The securityadmin role should be treated with the same level of caution as the sysadmin role.
So, what should you do if you need securityadmin level rights, similar to the SQL Server 2000 days? Here’s a recommended approach:
- Grant ALTER ANY LOGIN rights to the login that needs the securityadmin-like rights.
- Map the login to a user account in all the databases it needs to control access to using CREATE USER.
- Grant ALTER ANY USER in those databases to the user accounts.
- Grant the ability to assign any other necessary permissions to those user accounts.
If you already have securityadmin implemented and need to address the potential vulnerabilities, there are remediation tricks available. These tricks not only block CONTROL SERVER but also address other methods of privilege escalation. Stay tuned for an upcoming article submission that will provide more details on these remediation techniques.
It is crucial to stay informed about the security roles and permissions in SQL Server to ensure the integrity and confidentiality of your data. By understanding the implications of different roles, you can effectively manage access and mitigate potential risks.