Database Ownership

Aug 19, 2014 at 5:39 AM
Edited Aug 19, 2014 at 6:17 AM
Apologies in advance if this question seems simplistic or out of place, I'm a nix/Oracle guy who has recently started supporting Win/MSSQL boxes so a lot of this stuff goes over my head (unlike Drax).

My question is related to the manual login creation procedure outlined on this page

The first step outlined is to create credential which is then linked/referenced during the login creation step. Why is it necessary to create a credential beforehand? After reading references online, my understanding is that credentials are used for when connecting to sources outside the SQL Server instance. But if the user account is to be used for database ownership, with databases owned on the same instance, why would a credential still be necessary?
Aug 19, 2014 at 7:35 PM
It took me a few minutes to work out why this is done. I will get the Wiki updated to explain...

The credential is created to allow the database owner account to be found by the 'Configure Standard Database Properties' processing. The code looks for the credential name StandardDBOwner and retrieves the account name associated with it. It can then set that account name to be the owner for user databases. By using a credential in this way, someone outside of SQL Server has no way of finding out what is the db owner account, while still providing an anchor for finding the account once someone has gained access to SQL Server.
Aug 20, 2014 at 1:20 AM
Edited Aug 20, 2014 at 1:20 AM
Thanks for the detailed explanation Ed, that definitely helps to make things clearer :)