---
title: SQL Server predictable admin account name
description: Datadog, the leading service for cloud-scale monitoring.
---

# SQL Server predictable admin account name

## Metadata{% #metadata %}

**Id:** `ansible-azure-sql-server-predictable-admin-account-name` 

**Provider:** Azure

**Platform:** Ansible

**Severity:** Low

**Category:** Best Practices

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_sqlserver_module.html)

### Description{% #description %}

Admin usernames for Azure SQL Server must not be empty or use predictable names. Predictable account names (for example, "admin" or "administrator") make it significantly easier for attackers to perform brute-force, credential-stuffing, and targeted authentication attacks.

For Ansible resources using `azure.azcollection.azure_rm_sqlserver` or `azure_rm_sqlserver`, the `admin_username` property must be defined as a non-empty string. It must not be one of the following predictable names: `admin`, `administrator`, `root`, `user`, `azure_admin`, `azure_administrator`, or `guest`.

Tasks that omit `admin_username`, set it to an empty value, or use any of the predictable names (checked case-insensitively) are flagged as insecure.

Secure example:

```yaml
- name: Create Azure SQL Server
  azure.azcollection.azure_rm_sqlserver:
    name: my-sql-server
    resource_group: my-rg
    location: eastus
    admin_username: dbadmin01
    admin_password: "{{ sql_admin_password }}"
```

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
# Compliant code: the query should not report any results
- name: Create (or update) SQL Server
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name
    location: westus
    admin_username: mylogin
    admin_password: Testpasswordxyz12!
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
# Non-compliant code: the query should report one result per task
- name: Create (or update) SQL Server1
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name1
    location: westus
    admin_username: ""
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server2
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name2
    location: westus
    admin_username:
    admin_password: Testpasswordxyz12!
- name: Create (or update) SQL Server3
  azure_rm_sqlserver:
    resource_group: myResourceGroup
    name: server_name3
    location: westus
    admin_username: admin
    admin_password: Testpasswordxyz12!
```
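
The check from the Description, sketched in Python as an added example (it is not Datadog's rule implementation and not code from the original page). It assumes tasks have already been parsed from YAML into dicts; `check_task`, `scan`, `_task` and the sample tasks are hypothetical names constructed for illustration.

```python
PREDICTABLE_NAMES = {"admin", "administrator", "root", "user",
                     "azure_admin", "azure_administrator", "guest"}
SQLSERVER_MODULES = ("azure.azcollection.azure_rm_sqlserver", "azure_rm_sqlserver")

def check_task(task):
    """Return a finding string for one parsed Ansible task, or None if it passes."""
    for module in SQLSERVER_MODULES:
        args = task.get(module)
        if isinstance(args, dict):
            break
    else:
        return None  # not a SQL Server task, so the rule does not apply
    if "admin_username" not in args:
        return "admin_username is not defined"
    value = args["admin_username"]
    # A bare `admin_username:` key parses to None; "" is the explicit empty string.
    if not isinstance(value, str) or value == "":
        return "admin_username is empty or not a string"
    if value.lower() in PREDICTABLE_NAMES:  # case-insensitive comparison
        return f"admin_username '{value}' is a predictable name"
    return None

def scan(tasks):
    """Map task name -> finding for every task that violates the rule."""
    results = ((t.get("name", "<unnamed>"), check_task(t)) for t in tasks)
    return {name: finding for name, finding in results if finding}

# Constructed sample: the page's example tasks in the form a YAML parser returns,
# plus constructed cases (mixed-case name, omitted key, unrelated module).
def _task(name, module="azure_rm_sqlserver", **extra):
    args = {"resource_group": "myResourceGroup", "name": "server_name",
            "location": "westus", "admin_password": "{{ sql_admin_password }}"}
    args.update(extra)
    return {"name": name, module: args}

SAMPLE_TASKS = [
    _task("compliant", admin_username="mylogin"),
    _task("empty string", admin_username=""),
    _task("bare key", admin_username=None),
    _task("predictable", admin_username="admin"),
    _task("mixed case", "azure.azcollection.azure_rm_sqlserver", admin_username="Azure_Admin"),
    _task("omitted"),
    {"name": "unrelated", "ansible.builtin.debug": {"msg": "hi"}},
]

if __name__ == "__main__":
    for name, finding in scan(SAMPLE_TASKS).items():
        print(f"{name}: {finding}")
```

A templated value such as `"{{ sql_admin_user }}"` passes this sketch because it is a non-empty string; the resolved value is only known at run time.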
