When should new service accounts be created/used?

At my organisation there are conflicting schools of thought around service accounts. This has come up because they wish to deploy SQL Server for the sole purpose of running SharePoint databases.

One group believe that a different service account should be used for each server application and for each environment (e.g. production, UAT/test, development). So in this example each SQL Server installation for SharePoint would have its own service account for prod, UAT and dev. Their reasons are security and preventing interference between environments.

Another believes that service accounts should be shared between production and test environments. So for the example there would be one SQL Server service account across prod, UAT and dev. (I’m not sure about sharing that account between different server applications.) Their reasons are security again as there are fewer passwords to change and reduced complexity.

Considering security, uptime and reliability, protection against mistakes, risk management, etc… what should be the recommended approach?

Thank you!

Answer

We follow the first group, which has a separate service account for each environment & server application.

The main reason is security, but another good reason is that if some work is being done in test or dev, which requires changing security, you know that it is not impacting the production environment in any way.

Attribution
Source : Link , Question Author : Alex Angas , Answer Author : Bravax
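
One way to check an estate against the one-account-per-application-per-environment approach discussed above, as an added example that is not part of the original question or answer. The inventory rows, host names and account names are constructed, and the mapping of a UPN's first DNS label to the NetBIOS domain is an assumption.

```python
from collections import defaultdict

# Built-in and per-machine identities carry no shared password, so skip them.
BUILTIN_PREFIXES = ("nt authority\\", "nt service\\")
BUILTIN_NAMES = {"localsystem", "local system"}

# Constructed inventory: (host, environment, application, service logon account).
INVENTORY = [
    ("sql-prd-01", "prod", "sqlserver", r"CORP\svc-sql-sp-prod"),
    ("sql-uat-01", "uat", "sqlserver", r"CORP\svc-sql-sp-uat"),
    ("sql-dev-01", "dev", "sqlserver", "svc-sql-sp-uat@corp.example"),
    ("sp-prd-01", "prod", "sharepoint", r"corp\SVC-SQL-SP-PROD"),
    ("sp-dev-01", "dev", "sharepoint", r"NT AUTHORITY\NetworkService"),
    ("sp-uat-01", "uat", "sharepoint", r"CORP\svc-sp-uat"),
]

def normalize(account):
    """Return a canonical 'domain\\name' key, or None for built-in identities."""
    a = account.strip().lower()
    if a in BUILTIN_NAMES or a.startswith(BUILTIN_PREFIXES):
        return None
    if "@" in a:  # UPN form; assumption: first DNS label equals the NetBIOS domain
        name, _, dns = a.partition("@")
        return f"{dns.split('.')[0]}\\{name}"
    return a

def audit(inventory):
    """Return accounts that span more than one environment or application."""
    seen = defaultdict(lambda: {"environments": set(), "applications": set(), "hosts": set()})
    for host, env, app, account in inventory:
        key = normalize(account)
        if key is None:
            continue
        seen[key]["environments"].add(env)
        seen[key]["applications"].add(app)
        seen[key]["hosts"].add(host)
    findings = {}
    for key, s in seen.items():
        reasons = [label for label, field in (("cross-environment", "environments"),
                                              ("cross-application", "applications"))
                   if len(s[field]) > 1]
        if reasons:
            findings[key] = {"reasons": reasons, **{k: sorted(v) for k, v in s.items()}}
    return findings

if __name__ == "__main__":
    for account, f in sorted(audit(INVENTORY).items()):
        print(account, f["reasons"], f["hosts"])
```

Each finding lists the hosts that would be affected together by a password change, lockout or permission change on that account.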
