sp_check: SQL Server Database Checks

3 - Potential (Review Recommended)

Explicit permissions granted to the public role

Issue: One or more explicit permissions have been granted to the public role on your SQL Server instance.

Problem: By default, the public role includes anyone who has a login that allows them to connect to your instance, and it includes very few permissions. There is very little reason for the public role to be granted any explicit permissions, since there is virtually no permission that everyone who has a login needs on your SQL Server.

Moreover, there are some permissions like BACKUP DATABASE that can allow anyone to make a copy of your database. Allowing anyone to make database backups is a great way to encourage a data breach.

Straight Path classifies this vulnerability as level 2, "High - review required" in sp_CheckSecurity.


Database owner is different from owner in master

Issue: The owner of the database is different from what is noted in the master database.

Problem: This isn't so much a problem as a mess that should be cleaned up. You want to have the correct database owner for a database since the owner of the database has specific elevated permissions.


Orphaned users

Issue: One or more users in user databases have been found without an associated login at the instance level.

Problem: An orphaned user's permissions cannot be assigned to a current login. This typically happens when SQL Server logins are used to assign user permissions to a database, and then either the login is dropped from the instance or the database is copied to an instance where the login does not exist.


Database roles within roles

Issue: One or more database roles have been found to be included in another database role.

Problem: Nesting database roles can obscure actual permissions for a role, leading to unintended privilege escalation in your databases.


About sp_checks

This page contains a list of SQL Server configuration checks performed by Straight Path's suite of sp_check tools. For more details about our free tools, select one from the following list: