Solved

Script to list all user accounts and which objects they created on SQL Server 2000 and 2005

Posted on 2007-11-29
2
1,831 Views
Last Modified: 2008-08-25
Hello,

I would like to list all the user accounts on a SQL 2000 database server, which databases they have access to, their privileges, their last activitiy (datetime), and which objects they created/modified/touched in some manner (i.e. selected from which tables, etc.)

Is is possible to glean this information from SQL 2000 in the form of a simple query? If not, what parts of the above question can come out of a simple query of system tables and what no, and what parts of the above question would require looking in the logs? (I'm assuming the bit about their recent activity would come from the logs only..) And what is the easiest way to read the logs for this information?

Lastly, can I get this information more easily from a 2005 database? How does 2005 compare to 2000 in terms of security?

Your earliest response would be very much appreciated! :)

Thank you,
rss2
0
Comment
Question by:rss2
2 Comments
 
LVL 18

Expert Comment

by:Yveau
ID: 20372542
In SQL 2000 you cannot see who created an object, only who is the owner of the object but is not necessarily the one who created it! Also in SQL 2000 you cannot see when an object was modified.
In SQL 2005 you can see who created an object and what was the last modification date.
In both SQL Server versions it is not possible (out of the box) to see who touched which table ... you have to setup something for this kind of monitoring yourself.

Hope this helps ...
0
 
LVL 25

Accepted Solution

by:
imitchie earned 500 total points
ID: 20372640
I would like to list all the user accounts on a SQL 2000 database server, which databases they have access to, their privileges, their last activitiy (datetime), and which objects they created/modified/touched in some manner (i.e. selected from which tables, etc.)

In SQL 2000, the creation data of a SQL object (table/view etc) is logged in

select crdate, objecT_name(id) from sysobjects

To list users, go to Enterprise Manager and look up user list to check their permissions. The level of customizability of permissions allow/deny is so complex that no single query can tell you the full extent of a users's allowances.  As far as system roles, this probably comes close

select * from master..syslogins

There is no db system I am aware of that can tell you when a user last "touched" an object, not even 2005.

Selects are never logged, so you can't use the log for that. but for create db, update, delete etc (assuming you have an appropriate log level), you can use log viewing tools to check the last activity, to a certain period of time.

2005 security is more tightened from 2000, and allows more roles, as well as more customizability.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now