[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1845
  • Last Modified:

Script to list all user accounts and which objects they created on SQL Server 2000 and 2005

Hello,

I would like to list all the user accounts on a SQL 2000 database server, which databases they have access to, their privileges, their last activitiy (datetime), and which objects they created/modified/touched in some manner (i.e. selected from which tables, etc.)

Is is possible to glean this information from SQL 2000 in the form of a simple query? If not, what parts of the above question can come out of a simple query of system tables and what no, and what parts of the above question would require looking in the logs? (I'm assuming the bit about their recent activity would come from the logs only..) And what is the easiest way to read the logs for this information?

Lastly, can I get this information more easily from a 2005 database? How does 2005 compare to 2000 in terms of security?

Your earliest response would be very much appreciated! :)

Thank you,
rss2
0
rss2
Asked:
rss2
1 Solution
 
YveauCommented:
In SQL 2000 you cannot see who created an object, only who is the owner of the object but is not necessarily the one who created it! Also in SQL 2000 you cannot see when an object was modified.
In SQL 2005 you can see who created an object and what was the last modification date.
In both SQL Server versions it is not possible (out of the box) to see who touched which table ... you have to setup something for this kind of monitoring yourself.

Hope this helps ...
0
 
imitchieCommented:
I would like to list all the user accounts on a SQL 2000 database server, which databases they have access to, their privileges, their last activitiy (datetime), and which objects they created/modified/touched in some manner (i.e. selected from which tables, etc.)

In SQL 2000, the creation data of a SQL object (table/view etc) is logged in

select crdate, objecT_name(id) from sysobjects

To list users, go to Enterprise Manager and look up user list to check their permissions. The level of customizability of permissions allow/deny is so complex that no single query can tell you the full extent of a users's allowances.  As far as system roles, this probably comes close

select * from master..syslogins

There is no db system I am aware of that can tell you when a user last "touched" an object, not even 2005.

Selects are never logged, so you can't use the log for that. but for create db, update, delete etc (assuming you have an appropriate log level), you can use log viewing tools to check the last activity, to a certain period of time.

2005 security is more tightened from 2000, and allows more roles, as well as more customizability.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now