Category: Security

Tim Radney jimmies the lock:

Getting locked out of a SQL Server instance can happen due to a number of situations. The most common scenario I’ve encountered is when a SQL Server is moved from one domain to another without the domain being trusted or having a local SQL admin account. I recently encountered another incident where a DBA was attempting to fail over a log-shipped instance to another instance. Part of their run book included a script to disable a set of users to block production access to the instance. The problem was, the production instance was on a cluster, unlike the development and QA systems where the script had been tested. Disabling the users in production took down the instance preventing the tail log backups from occurring. We had to get the instance back up in order to take those final backups.

What can you do if you find that you’re locked out of a SQL Server instance?

Read on for that answer.

Randolph West has a script for us:

Part of my job at work is to update Transact-SQL reference content. System dynamic management views (DMVs) have permissions that are managed in the SQL Server Database Engine source code, so it’s a little tricky to figure out the required permissions for a specific DMV.

This blog post provides a stored procedure that uses sys.fn_builtin_permissions to calculate permissions, but keep in mind that any custom permissions that you’ve implemented, can override the defaults.

This can serve as a quick check for whether your user account has the necessary permissions to access DMVs in a particular database.

Andreas Wolter wants to focus in on specific database objects:

In this article I want to share a targeted approach to audit access to specific objects within a database in Microsoft SQL Server.

• In my last article, Evading Data Access Auditing in Microsoft SQL Server – and how to close the gaps, I showed multiple approaches to gain access to a chunk of sensitive data using the statistics object in SQL Server. The hardest one to capture is access to data that is exposed via the dynamic management function (DMF) dm_db_stats_histogram. This requires an additional Audit Specification in the master database for this system object. In the end we required 3 different Audit Action Groups to cover all the methods used to read data from our example table.

Read on to see what you can do as of SQL Server 2022.

David Fitzjarrell digs into the options available for security audits in Oracle:

Security rears its ugly head yet again, this time with security audits. Depending upon the RDBMS auditing can be a breeze or a nightmare. Oracle has done wonders in making this task simpler for the DBA to enable, configure and maintain. Let’s take a dive into this topic and shed some light on it.

By default when Oracle is installed the newest foray into auditing, the Unified Audit Trail, is disabled. In releases prior to 12 basic auditing was automatically available, but it wrote to possibly three locations:

Read on for those three locations, how things have changed with Unified Audit Trail, and some of the information you can get back from it.