我正在使用SQL Server2014。当出现错误“ SELECT PERMISSION DENIED”时,它出现在SQL Server错误日志中,但我找不到引起它的用户。
由于某种原因,我无法在SQL Profiler中捕获此错误。我尝试在事件探查器中捕获“用户错误”并按[%'permission%']进行过滤,但没有任何反应。我也没有在日志中看到此信息。没有“用户”列。
我需要任何方法来确定哪个用户导致了此错误。使用探查器,日志或警报,等等。
答案 0 :(得分:0)
使用SQL Server Audit可以解决您的问题。
SET NOCOUNT ON;
GO
SELECT @@version;
GO
USE AdventureWorks2016CTP3;
GO
IF EXISTS(SELECT *
FROM sys.database_audit_specifications
WHERE [name] = 'SelectFromPassword') BEGIN
ALTER DATABASE AUDIT SPECIFICATION SelectFromPassword WITH (STATE = OFF);
DROP DATABASE AUDIT SPECIFICATION SelectFromPassword;
END;
GO
USE master;
GO
IF EXISTS(SELECT *
FROM sys.server_audits
WHERE [name] = 'MyServerAudit') BEGIN
ALTER SERVER AUDIT MyServerAudit WITH (STATE = OFF);
DROP SERVER AUDIT MyServerAudit;
END;
GO
-- Create the server audit.
CREATE SERVER AUDIT MyServerAudit TO FILE(FILEPATH = 'D:\MyServerAudit');
GO
-- Enable the server audit.
ALTER SERVER AUDIT MyServerAudit WITH (STATE = ON);
GO
USE AdventureWorks2016CTP3;
GO
-- Create the database audit specification.
CREATE DATABASE AUDIT SPECIFICATION SelectFromPassword
FOR SERVER AUDIT MyServerAudit
ADD (SELECT ON OBJECT::Person.[Password] BY public)
WITH (STATE = ON);
GO
EXECUTE AS LOGIN = 'zanjato';
GO
USE AdventureWorks2016CTP3;
GO
SELECT * FROM Person.[Password];
GO
REVERT;
GO
WAITFOR DELAY '00:00:02';
GO
SELECT
event_time,
server_principal_name,
database_principal_name,
action_id,
database_name,
schema_name,
[object_name],
[statement]
FROM fn_get_audit_file('D:\MyServerAudit\MyServerAudit*',NULL, NULL)
WHERE succeeded = 0;
GO
ALTER DATABASE AUDIT SPECIFICATION SelectFromPassword WITH (STATE = OFF);
GO
DROP DATABASE AUDIT SPECIFICATION SelectFromPassword;
GO
USE master;
GO
ALTER SERVER AUDIT MyServerAudit WITH (STATE = OFF);
GO
DROP SERVER AUDIT MyServerAudit;
输出:
-------------------------------------------------------------------------------------------------------
Microsoft SQL Server 2016 (SP1-CU4) (KB4024305) - 13.0.4446.0 (X64)
Jul 16 2017 18:08:49
Copyright (c) Microsoft Corporation
Developer Edition (64-bit) on Windows Server 2012 R2 Standard 6.3 <X64> (Build 9600: ) (Hypervisor)
Changed database context to 'AdventureWorks2016CTP3'.
Changed database context to 'master'.
Changed database context to 'AdventureWorks2016CTP3'.
Changed database context to 'AdventureWorks2016CTP3'.
Msg 229, Level 14, State 5, Line 41
The SELECT permission was denied on the object 'Password', database 'AdventureWorks2016CTP3', schema 'Person'.
event_time server_principal_name database_principal_name action_id database_name schema_name object_name statement
--------------------------- --------------------- ----------------------- --------- ---------------------- ----------- ----------- -------------------------------
2019-02-12 13:28:48.1177803 zanjato zanjato SL AdventureWorks2016CTP3 Person Password SELECT * FROM Person.[Password]
Changed database context to 'master'.
答案 1 :(得分:0)
我使用扩展事件找到了解决方案。我选择了事件:errorlog_write,并按单词“ permission”过滤。事实证明,有可能在Profiler中捕获此错误,只需要选择“错误”和“警告/事件日志”即可。 Profiler的问题在于它会严重降低服务器速度。但是使用扩展事件,可以实时观察过程。