Home Dashboard Directory Help
Search

Need View Any Login permission by Dave1554


Status: 

Resolved
 as External Help for as External


1
0
Sign in
to vote
Type: Suggestion
ID: 773696
Opened: 12/6/2012 10:57:47 AM
Access Restriction: Public
0
Workaround(s)
view

Description

For audit purposes, I need to be able to provide an account the ability to view all logins on an instance and users in a database, along with their associated role memberships. Due to the limited metadata visibility configuration in SQL 2005, I need to provide the account ALTER ANY LOGIN and ALTER ANY USER to allow them to view this information.

Details
Sign in to post a comment.
Posted by Microsoft on 6/21/2013 at 11:21 AM
Hi,

Thanks for your suggestion. We're working towards improving our Separation of Duties capabilities and will record your suggestion in our future DCR database. In the mean time, you can try one of these workarounds:
1 - Create SPs that allows only viewing of the login/user metadata. You can use signed modules if you'd like to be extra secure (http://msdn.microsoft.com/en-us/library/ms345102(v=SQL.105).aspx)
2 - Grant VIEW SERVER STATE if allowing the principal to see other metadata is acceptable

Thanks!
Sign in to post a workaround.