CREATE TABLE PermsTest(RowID int identity primary key)GOCREATE TRIGGER Audit_PermsTestON PermsTestWITH EXECUTE AS OWNERFOR INSERT, UPDATE, DELETEASBEGIN DECLARE @TEMP TABLE (EventType nvarchar(30), Parameters int, EventInfo nvarchar(4000)) INSERT INTO @TEMP EXEC('DBCC INPUTBUFFER(@@SPID)') SELECT EventInfo FROM @TEMPENDGO
USE [master]GOCREATE DATABASE SAPermsTestGOCREATE LOGIN [PermsTestLogin] WITH PASSWORD=N'c0mpl3xp@$$'GOUSE [SAPermsTest]GO CREATE USER [PermsTestLogin] FROM LOGIN [PermsTestLogin]GOCREATE TABLE PermsTest(RowID int identity primary key)GOGRANT INSERT ON PermsTest TO PermsTestLoginGOCREATE TRIGGER Audit_PermsTestON PermsTestWITH EXECUTE AS OWNERFOR INSERT, UPDATE, DELETEASBEGIN DECLARE @TEMP TABLE (EventType nvarchar(30), Parameters int, EventInfo nvarchar(4000)) INSERT INTO @TEMP EXEC('DBCC INPUTBUFFER(@@SPID)') SELECT EventInfo FROM @TEMP SELECT SYSTEM_USER SELECT text FROM sys.dm_exec_requests CROSS APPLY sys.dm_exec_sql_text(sql_handle) WHERE session_id = @@SPIDENDGO-- Test the trigger will fail. Make sure to revertEXECUTE AS LOGIN='PermsTestLogin'INSERT INTO PermsTest default values;REVERTGO-- Revert Fails when trigger execution fails so do it now.REVERTGO-- Create a certificate to sign stored procedures withCREATE CERTIFICATE [SAPermsCertificate]ENCRYPTION BY PASSWORD = '$tr0ngp@$$w0rd'WITH SUBJECT = 'Certificate for signing Audit Triggers';GO-- Backup certificate so it can be create in master databaseBACKUP CERTIFICATE [SAPermsCertificate]TO FILE = 'D:\SQLBackups\SAPermsCertificate.CER';GO-- Add Certificate to Master DatabaseUSE [master]GOCREATE CERTIFICATE [SAPermsCertificate]FROM FILE = 'D:\SQLBackups\SAPermsCertificate.CER';GO-- Create a login from the certificateCREATE LOGIN [SAPermsLogin]FROM CERTIFICATE [SAPermsCertificate];GO-- The Login must have Authenticate Sever to access server scoped system tables-- per http://msdn.microsoft.com/en-us/library/ms190785.aspxGRANT AUTHENTICATE SERVER TO [SAPermsLogin]GO-- Add the VIEW Server State permission to the Certificate login.GRANT VIEW SERVER STATE TO [SAPermsLogin]GOUSE [SAPermsTest]GO-- Sign the procedure with the certificate's private keyADD SIGNATURE TO OBJECT::Audit_PermsTestBY CERTIFICATE [SAPermsCertificate] WITH PASSWORD = '$tr0ngp@$$w0rd';GO-- Retest the Trigger function and it will work returning -- CREATE TRIGGER statement for the sys.dm_exec_sql_text()EXECUTE AS LOGIN='PermsTestLogin'INSERT INTO PermsTest default values;REVERTGO-- Cleanup/*USE [master]GODROP LOGIN [SAPermsLogin]DROP CERTIFICATE [SAPermsCertificate]DROP DATABASE [SAPermsTest]-- Delete the certificate backup from disk*/
