Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

listing all user accounts using non-admin user Expand / Collapse
Author
Message
Posted Monday, March 30, 2009 1:45 PM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Tuesday, October 14, 2014 2:13 PM
Points: 413, Visits: 404
As part of our SOX checks we use a non-sysadmin account to read all user accounts in the database and look to see what server roles they have and also what database roles each user has on each database.

This worked fine in MSSQL 2000 but I'm having trouble in MSSQL 2005 listing all users using an account that doesn't have either securityadmin or sysadmin. Using a non-admin account I only see roles (db_owner, db_access_admin, db_security_admin, db_ddladmin, etc), public, sa, dbo, guest, INFORMATION_SCHEMA, sys, and the non-admin user doing the select. I don't see any windows-authenticated accounts nor any other database accounts.

I need to read both sys.server_principals and sys.database_principals using a non-privileged account and retrieve information about ALL accounts.

Does anyone have any suggestions how I can get this information?
Thanks.
Post #686456
Posted Monday, March 30, 2009 3:18 PM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 6:29 PM
Points: 10,260, Visits: 13,230
If you do a sp_helptext on sys.server_principals or sys.database_principals you can see that MS is only showing roles and default logins/users and the logged in user intentionally. I would guess that someone smarter than I would be able to tell you how to get around it.



Jack Corbett

Applications Developer

Don't let the good be the enemy of the best. -- Paul Fleming

Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
How to Post Performance Problems
Crosstabs and Pivots or How to turn rows into columns Part 1
Crosstabs and Pivots or How to turn rows into columns Part 2
Post #686572
Posted Monday, March 30, 2009 3:40 PM
SSC-Addicted

SSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-AddictedSSC-Addicted

Group: General Forum Members
Last Login: Tuesday, October 14, 2014 2:13 PM
Points: 413, Visits: 404
I'm not familiar with sp_helptext but I did grab the mssqlsystemresouce database and look at the source for sys.server_principals and saw where they're restricting (using the function has_access) what rows are returned. Unfortunately, I can't directly query the underlying table/view on which server_principals is based.

How are other people doing this kind of SOX access review?
Post #686600
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse