Need View Any Login permission - by Dave1554

Status : 

  External<br /><br />
		This item may be valid but belongs to an external system out of the direct control of this product team.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


1
0
Sign in
to vote
ID 773696 Comments
Status Closed Workarounds
Type Suggestion Repros 0
Opened 12/6/2012 10:57:47 AM
Access Restriction Public

Description

For audit purposes, I need to be able to provide an account the ability to view all logins on an instance and users in a database, along with their associated role memberships. Due to the limited metadata visibility configuration in SQL 2005, I need to provide the account ALTER ANY LOGIN and ALTER ANY USER to allow them to view this information. 

Sign in to post a comment.
Posted by Microsoft on 6/21/2013 at 11:21 AM
Hi,

Thanks for your suggestion. We're working towards improving our Separation of Duties capabilities and will record your suggestion in our future DCR database. In the mean time, you can try one of these workarounds:
1 - Create SPs that allows only viewing of the login/user metadata. You can use signed modules if you'd like to be extra secure (http://msdn.microsoft.com/en-us/library/ms345102(v=SQL.105).aspx)
2 - Grant VIEW SERVER STATE if allowing the principal to see other metadata is acceptable

Thanks!