Search sqlserver-dba.com
Follow sqlserver-dba.com
*Use the Comments section for questions
SQLServer-DBA.com Links
Recent Posts
- The current transaction cannot be committed and cannot support operations that write to the log file. Roll back the transaction.
- How to find privilege changes with SQL Server Default Trace
- sys.dm_server_services - How to check if SQL Server service is running or not?
- Msg 3023, Level 16, State 2 Backup, file manipulation operations (such as ALTER DATABASE ADD FILE) and encryption changes on a database must be serialized. Reissue the statement after the current backup or file manipulation operation is completed.
- Can we restore a database to an older version in SQL Server?
- How do I save all SQL Agent Jobs
- How to view SQL Server mount point space without access to server
- DBCC SHRINKFILE: page could not be moved because it is a work table page.
- SQL Agent Last Modified explanation
- Sql certificate chain was issued by an authority that is not trusted
How to check a SQL Login is part of the SYSADMIN role
21 June,2018 by Tom Collins
Question: As part of a regular SQL Server Violations reporting and checking any vulnerabilities on SQL Servers, I run regular scans and report on elevated server roles. What is an efficient method to identify if a login is using the sysadmin role?
Answer: I use the IS_SRVROLEMEMBER function , which allows you to check on various server roles. As well as sysadmin , it is possible to also check on serveradmin,dbcreator,setupadmin,bulkadmin,securityadmin,diskadmin and processadmin.
The IS_SRVROLEMEMBER returns either a value of 1 or 0. 1 = the login is a member of the role 0= the login is not a member of the role.
This an example of how to check if the 'BUILTIN\Administrators' login is a member of the sysadmin role, this is by using the login option
SELECT IS_SRVROLEMEMBER('sysadmin', 'BUILTIN\Administrators');
This is an example if the CURRENT login is a member of the sysadmin group
SELECT IS_SRVROLEMEMBER ('sysadmin');
Read more on managing the sysadmin role
Drop sysadmin with ALTER SERVER ROLE and DROP MEMBER ...
Powershell sql server security audit
select current_user shows dbo (SQL Server DBA)
Author: Tom Collins (http://www.sqlserver-dba.com)
Share:
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |