1) Should a database be owned by an account with no privileges?
1b) If so, should this account be a domain account?
1c) If so, should this account have some privileges at all, or is no privileges OK, as database access is handled via logins?
1d) Is 'sa' now a bad account to own databases, as this will introduce a security risk?

I have checked the Microsoft 2012 security best practices paper, but it is not 100% clear.