should I give dbo permissions to NT AUTHORITY\NETWORK SERVICE?

Question

We're in the process of assessing a new application that will require access to our MSSQL database

I've set up a user that is a member of a role only giving it readonly access to certain views in the database and the application is fine using this user to access our database.

However it says I still have one thing left to do and that's to give NT AUTHORITY\NETWORK SERVICE dbo permissions on the same database

At the moment this is only a test environment but it will need rolling out onto our live system if we choose to use the application

Am I right in saying it would be insecure to give dbo permissions to this service account?

please let me know if there's anything I'm misunderstanding about the service accounts

Answer 1

I wouldn't directly say it is insecure to give dbo permissions to that account but it is definitely more secure to have the application run under an account only it can use and apply permissions accordingly.