Security profiling

  • Good day

    I need to profile users and the rights they need on a server. I want to reduce the rights given to them so that each user has min rights to function correctly.

    I am running traces at this moment to check which users is using which databases but I do not know if there is a way of collecting object used and what commands executed by the users. I have over 3000 users in the enviroment so manually checking each user is not an option.

    If anyone have a suggestion or two no matter how small it will be appreciated.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Do not reinvent the wheel.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  • It depends on what events you are tracing. If you are tracing RPC:Completed, TSQL:BatchCompleted then you have textdata which shows the query that they are running.

  • thanks for the reply

    I want to avoid analizing text data, if possible. There is too many adhoc queries. I am talking off about 200 million queries to the databases per month. If there is no other way I will have to advise a way of analizing the text data with code to extract commands and objects.

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
    Do not reinvent the wheel.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

  • I am afraid you are facing quite a difficult task. Trying to find out what users need based on a trace is difficult. You will see what is used but not what is not used. 3000 users ? SQL Logins ? Maybe you can try an other approach, asking the users their needs. If you can use windows authentication it will be better to work with windows groups.

    Best regards,

    Moreno

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply