listing all user accounts using non-admin user


ppcx
As part of our SOX checks we use a non-sysadmin account to read all user accounts in the database and look to see what server roles they have and also what database roles each user has on each database.

This worked fine in MSSQL 2000 but I'm having trouble in MSSQL 2005 listing all users using an account that doesn't have either securityadmin or sysadmin. Using a non-admin account I only see roles (db_owner, db_access_admin, db_security_admin, db_ddladmin, etc.), public, sa, dbo, guest, INFORMATION_SCHEMA, sys, and the non-admin user doing the select. I don't see any Windows-authenticated accounts nor any other database accounts.

I need to read both sys.server_principals and sys.database_principals using a non-privileged account and retrieve information about ALL accounts.

Does anyone have any suggestions how I can get this information?
Thanks.
Jack Corbett
If you do a sp_helptext on sys.server_principals or sys.database_principals you can see that MS is only showing roles and default logins/users and the logged in user intentionally. I would guess that someone smarter than I would be able to tell you how to get around it.



ppcx
I'm not familiar with sp_helptext but I did grab the mssqlsystemresource database and look at the source for sys.server_principals and saw where they're restricting (using the function has_access) what rows are returned. Unfortunately, I can't directly query the underlying table/view on which server_principals is based.

How are other people doing this kind of SOX access review?
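
One least-privilege way to make the catalog views return every principal, as an added example that is not part of the original thread: grant the review login the server-level VIEW ANY DEFINITION permission instead of adding it to securityadmin or sysadmin. The login name `sox_audit` and the database name `SomeDatabase` are hypothetical placeholders.

```sql
-- Added example. [sox_audit] is a hypothetical login used only for the review.
-- Part 1: run once as an administrator.
USE master;
GO
-- Lifts the metadata-visibility filter on sys.server_principals and
-- sys.server_role_members without conferring any server role.
GRANT VIEW ANY DEFINITION TO [sox_audit];
GO
-- The login still needs a user in each database it will inspect.
-- Repeat in every database under review ([SomeDatabase] is a placeholder).
USE [SomeDatabase];
GO
CREATE USER [sox_audit] FOR LOGIN [sox_audit];
GO

-- Part 2: run as sox_audit.
-- Check that the account holds the permission and neither admin role.
SELECT HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DEFINITION') AS can_view_metadata,
       IS_SRVROLEMEMBER('sysadmin')      AS is_sysadmin,
       IS_SRVROLEMEMBER('securityadmin') AS is_securityadmin;

-- Every login, Windows user and Windows group with its server roles.
SELECT p.name AS login_name, p.type_desc, p.is_disabled, r.name AS server_role
FROM sys.server_principals AS p
LEFT JOIN sys.server_role_members AS m ON m.member_principal_id = p.principal_id
LEFT JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
WHERE p.type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
ORDER BY p.name, r.name;

-- Every user in the current database with its database roles.
-- Run once per database under review.
SELECT DB_NAME() AS database_name, u.name AS user_name, u.type_desc,
       r.name AS database_role
FROM sys.database_principals AS u
LEFT JOIN sys.database_role_members AS m ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals   AS r ON r.principal_id = m.role_principal_id
WHERE u.type IN ('S', 'U', 'G')   -- SQL user, Windows user, Windows group
ORDER BY u.name, r.name;
```

VIEW ANY DEFINITION also lets the login read the definitions of all objects on the instance, so keep the account dedicated to the review and exclude it from application use.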