March 31, 2017 at 11:50 am
I got "sp_audit_write" working but only with ids granted to SYSADMIN. Looking at Microsoft documents, the only permission required is "Requires membership in the public database role". The stored procedure is in database mssqlsystemresource which I cannot find a way to grant permission to it. I added the login to every database public role on the server and still no good.
Here is the message I get
Msg 229, Level 14, State 5, Procedure sp_audit_write, Line 1
The EXECUTE permission was denied on the object 'sp_audit_write', database 'mssqlsystemresource', schema 'sys'.
How do I grant execute permission to 'sp_audit_write'?
David Bird
March 31, 2017 at 12:02 pm
David Bird - Friday, March 31, 2017 11:50 AMI got "sp_audit_write" working but only with ids granted to SYSADMIN. Looking at Microsoft documents, the only permission required is "Requires membership in the public database role". The stored procedure is in database mssqlsystemresource which I cannot find a way to grant permission to it. I added the login to every database public role on the server and still no good.Here is the message I get
Msg 229, Level 14, State 5, Procedure sp_audit_write, Line 1
The EXECUTE permission was denied on the object 'sp_audit_write', database 'mssqlsystemresource', schema 'sys'.How do I grant execute permission to 'sp_audit_write'?
Out of curiosity has somebody maybe tried to harden the instance and revoked various permissions to the public role?
Second question, has the USER_DEFINED_AUDIT_GROUP action been added to a server audit specification?
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 31, 2017 at 12:52 pm
It was not harden, unless that is the new default for SQL 2012
USER_DEFINED_AUDIT_GROUP was enabled on the server audit and then I went back and added to the Database Audit. Permission still not being granted.
David Bird
March 31, 2017 at 1:01 pm
Does the user/login have any explicit denies? E.g. deny execute?
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
March 31, 2017 at 1:06 pm
No denies
Just db_datareader, db_datawriter, and execute permission on the user database.
David Bird
April 1, 2017 at 1:32 pm
Sue
April 4, 2017 at 8:16 am
Thank You, that was the problem the PUBLIC permission was missing. I Granted execute permission on the Extended Stored Procedure in the Master database to the application id and it worked. Maybe Microsoft removed public permission for a reason so not putting it back.
Thank You
David Bird
April 4, 2017 at 9:30 am
Yeah that is odd. Glad you figured it out.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply