This is driving me absolutely crazy. For the 80th time, I’m required to create a user and give it the sysadmin role. I *have* to do this because the software is business critical (Blackberry Enterprise Server, Interwoven DMS) and installs will fail without it. With some software, I can temporarily grant access the take it away once the installation is complete. With others (such as SharePoint 2007) I can temporarily grant the account Database Creator and Security Admin roles then remove that once the install is complete. However, with Interwoven DMS, if I attempt to give the account *every* role except sa, the software will fail to do anything. Using SQL Profiler, I can see that the Interwoven logs in, checks to see if its sa and if not, then it quits. I filed a bug with the vendor months ago but have not heard back.
To make matters worse, Interwoven pretended that other DBAs were able to get around granting the user sa access but then were unable to help me duplicate their procedures. Later on, Interwoven admitted giving the user anything other than sa access would break the app.
So .. I can’t say no. All I can do is hope that their DB programmers are competent (which, if they require sa, are they really?) enough not to trash my servers or that filing bug reports will get the software vendors to fix the glaring security issues.
What do you do as a DBA when presented with this issue?