A Microsoft consultant told me if 'sa' is set as the database owner it is possible to give a user who is accessing the database as the database owner 'sa' rights on the server - and that this is a security risk. 1) Is this correct? 2) If not, is setting the database owner still a security risk? I have asked numerous DBAs and none seem to have a definitive answer. Please help if you can. I know what I want to do to reduce risk but would like to hear what everyone else recommends.