Hi, we have an audit tool that scans a SQL Server for compliance.
It wants all sorts of permission but I don't want to give it the ability to view the user data.
The scanner documentation wants sysadmin rights for the login but instead I gave it control server and then gave it deny_datareader and deny_datawriter to the user databases.
How can I prevent impersonation or "execute as" of any other logins or users so that it does not run a select on the user databases?
Thanks for reading.