This coming Wednesday I'll be speaking for SQL Lunch on the topic of Auditing Database Permissions in SQL Server. The abstract for this presentation is:
Invariably, the dreaded auditors will come knocking at your door wanting to know who can do what in a database. Knee deep in other initiatives, the last thing you want to do is parcel out the time required to answer their requests and the follow-on questions they're likely to have. However, you know that this these are requests you can't refuse and you resign yourself to your fate. In this presentation, Certified Information Systems Auditor (CISA) and Microsoft SQL Server MVP K. Brian Kelley will cover what to audit, how to audit it quickly and efficiently, and the gotchas to look out for when it comes to compiling and reporting database permissions in SQL Server. Coverage of the security catalog views to use in SQL Server 2005/2008 as well as capturing implicit permissions will be focused on.
Basically, this is a condensed version of the 4 hour class I give yearly to ISACA certified information systems auditors (CISAs) and information security managers (CISMs). However, I'm staying strictly technical and paring down to just database level permissions and authorization.