Monitoring Changes in Permissions, Users, Roles and Logins


Metrics install automatically if you have SQL Monitor installed.

If you are using Redgate’s SQL Server monitoring tool, SQL Monitor, you can instantly install and run this metric on your servers.

Reports the number of changes to logins, users and roles in the past 10 minutes. It counts every change but doesn't tell you whether a change is a drift from what it should be, since it might only be a permission that was temporarily created and then revoked.

First, create the following function in the database on the monitored SQL Server instance. It uses the default trace:
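An added example, not the function published with this metric: a T-SQL batch that counts the security-principal and permission events recorded in the default trace over the past 10 minutes, followed by a triage query that lists who changed what. The choice of event classes and the Windows-style trace path are assumptions.

```sql
-- Added example (not the page's own function). Counts access-control
-- events in the default trace for the last 10 minutes.
DECLARE @current nvarchar(260) =
    (SELECT TOP (1) path FROM sys.traces WHERE is_default = 1);

-- Fail loudly if the default trace is off: a silent 0 would hide the blind spot.
IF @current IS NULL
BEGIN
    RAISERROR(N'Default trace is disabled; access-control changes cannot be counted.', 16, 1);
    RETURN;
END;

-- Assumption: Windows-style path. Replace ...\log_<n>.trc with ...\log.trc
-- so that all rollover files are read, not only the current one.
DECLARE @base nvarchar(260) =
    LEFT(@current, LEN(@current) - CHARINDEX(N'\', REVERSE(@current)) + 1) + N'log.trc';

-- Trace event classes treated as access-control changes (selection is an
-- assumption; GDR = grant/deny/revoke):
--   102 Audit Database Scope GDR     103 Audit Schema Object GDR
--   104 Audit Addlogin               105 Audit Login GDR
--   106 Audit Login Change Property  108 Audit Add Login to Server Role
--   109 Audit Add DB User            110 Audit Add Member to DB Role
--   111 Audit Add Role
-- Metric value: a single integer.
SELECT COUNT(*) AS AccessControlChanges
FROM sys.fn_trace_gettable(@base, DEFAULT) AS t
WHERE t.EventClass IN (102, 103, 104, 105, 106, 108, 109, 110, 111)
  AND t.StartTime >= DATEADD(MINUTE, -10, GETDATE());

-- Triage query to run by hand when the alert fires: who changed what.
SELECT t.StartTime, e.name AS EventName, t.EventSubClass, t.DatabaseName,
       t.SessionLoginName, t.LoginName, t.TargetLoginName, t.TargetUserName,
       t.RoleName, t.HostName, t.ApplicationName
FROM sys.fn_trace_gettable(@base, DEFAULT) AS t
JOIN sys.trace_events AS e ON e.trace_event_id = t.EventClass
WHERE t.EventClass IN (102, 103, 104, 105, 106, 108, 109, 110, 111)
  AND t.StartTime >= DATEADD(MINUTE, -10, GETDATE())
ORDER BY t.StartTime DESC;
```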

Metric definition

Name

AccessControlChanges

Description

Reports the number of changes to logins, users and roles in the past 10 minutes. It counts every change but doesn't tell you whether a change is a drift from what it should be, since it might only be a permission that was temporarily created and then revoked.

The T-SQL query that will collect data

Instances to collect from

default

Databases to collect from

master

Collection frequency

5 mins

Use collected or calculated values

Leave the "Use a calculated rate of change between collections" check box unchecked

Metric collection

Enabled

Alert definition

Alert name

Change to a login, role or user

Description

There has been a change to a security principal. For example, a server login or database user has been added or removed, or a principal has been added to or removed from a fixed server role, a database role or a database.

Raise an alert when the metric value goes

Above the defined thresholds

Default threshold values

High:
Medium:
Low: 1

Raise an alert when the threshold is passed for

collections

Alert is

Enabled