Trustworthy Bit


Applies To: SQL Server 2016

This rule determines whether the dbo role for a database is assigned to the sysadmin fixed server role and the database has its trustworthy bit set to ON.

If these conditions are met, a privileged database user can elevate privileges to the sysadmin role. In this role, the user can create and run unsafe assemblies that compromise the system.

Turn off the trustworthy bit or revoke sysadmin permissions from the dbo database role.


Monitor and Enforce Best Practices by Using Policy-Based Management

Community Additions