Thursday, November 6, 2014

SQL Server Security best practices


  • Minimize the number of SQL Server logins.

  • Use Windows group logins to simplify ongoing management where possible.

  • Disable logins rather than dropping them if there is any chance that they will be needed again.

  • Ensure that expiry dates are applied to logins that are created for temporary purposes.

  • Use fixed server-level roles to delegate server-level management responsibility, and only create user-defined server-level roles if your specific administrative delegation solution requires them.

  • Disable the guest user in user databases unless you specifically require guest access.

  • Aim to grant the minimum number of explicit permissions possible to meet the security requirements, and use membership of roles and inheritance to ensure the correct effective permissions.

  • Ensure every user has only the permissions they actually require.
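
The checks above can be run as a short T-SQL audit. This is an added example, not code from the original post; the login name `temp_contractor` is a hypothetical placeholder, and the database-level statements are assumed to run inside a user database.

```sql
-- Added example: audit queries for the practices listed above.

-- 1. Inventory logins by type: SQL logins (S), Windows logins (U), Windows groups (G).
SELECT type_desc,
       COUNT(*) AS login_count,
       SUM(CASE WHEN is_disabled = 1 THEN 1 ELSE 0 END) AS disabled_count
FROM sys.server_principals
WHERE type IN ('S', 'U', 'G')
  AND name NOT LIKE '##%'            -- skip internal certificate-based logins
GROUP BY type_desc;

-- 2. Disable a login instead of dropping it (hypothetical login name).
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'temp_contractor')
    ALTER LOGIN [temp_contractor] DISABLE;

-- 3. Review who holds each server-level role.
SELECT r.name AS server_role, m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- 4. Check whether guest can connect to the current user database,
--    then remove that access (do not run this in master or tempdb).
SELECT dp.name, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS dp ON dp.principal_id = p.grantee_principal_id
WHERE dp.name = N'guest'
  AND p.permission_name = N'CONNECT'
  AND p.state IN ('G', 'W');         -- GRANT or GRANT WITH GRANT OPTION

REVOKE CONNECT FROM guest;

-- 5. List explicit permissions held directly by users rather than through roles.
SELECT dp.name AS grantee, dp.type_desc, p.state_desc, p.permission_name, p.class_desc,
       CASE WHEN p.class = 1
            THEN OBJECT_SCHEMA_NAME(p.major_id) + N'.' + OBJECT_NAME(p.major_id)
       END AS object_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS dp ON dp.principal_id = p.grantee_principal_id
WHERE dp.type IN ('S', 'U', 'G')     -- users and Windows groups, not roles
  AND dp.name NOT IN (N'dbo', N'guest', N'sys', N'INFORMATION_SCHEMA')
  AND p.permission_name <> N'CONNECT'
ORDER BY dp.name, p.permission_name;
```

Rows returned by query 5 are candidates for moving into a database role, so that effective permissions come from role membership.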
