Cloud Migration Made Easy

Considering a move to the cloud? Axial SQL brings you proven migration strategies to streamline your transition. Our expert team ensures a smooth, efficient shift, keeping your data safe and accessible. Start your journey to the cloud with confidence!

SQL Performance Optimization

Is your SQL running slower than expected? Don't let sluggish performance hinder your business. Our optimization experts at Axial SQL specialize in tuning your databases for peak performance. Speed up your SQL and supercharge your data processing today!

Database Stability Solutions

Tired of frequent database outages? Discover stability with Axial SQL! Our comprehensive analysis identifies and resolves your database vulnerabilities. Enhance reliability, reduce downtime, and keep your operations running smoothly with our expert guidance.

Expert Database Team Evaluation

Questioning your database team's efficiency? Let Axial SQL provide an expert, unbiased analysis. We assess your team's strategies and workflows, offering insights and improvements to boost productivity. Elevate your database management to new heights!

Data Security Assurance

Concerned about your database security? Axial SQL is here to fortify your data defenses. Our specialized security assessments identify potential risks and implement robust protections. Keep your sensitive data secure and your peace of mind intact with our expert services.

Published on

December 2, 2017

Exploring SQL Server Permissions

Yesterday, I shared a blog post discussing how to list all the users with System Admin (sysadmin) rights in SQL Server. Since then, I have received numerous emails and comments on this subject, with one comment in particular catching my attention.

SQL Expert Chris Mangrum shared an interesting script modification that includes an additional permission called Control Server. Here is the alternate script shared by Chris:

USE master
GO
SELECT DISTINCT p.name AS [loginname],
p.type,
p.type_desc,
p.is_disabled,
s.sysadmin,
CONVERT(VARCHAR(10), p.create_date, 101) AS [created],
CONVERT(VARCHAR(10), p.modify_date, 101) AS [update]
FROM sys.server_principals p
JOIN sys.syslogins s ON p.sid = s.sid
JOIN sys.server_permissions sp ON p.principal_id = sp.grantee_principal_id
WHERE p.type_desc IN ('SQL_LOGIN', 'WINDOWS_LOGIN', 'WINDOWS_GROUP')
-- Logins that are not process logins
AND p.name NOT LIKE '##%'
-- Logins that are sysadmins or have GRANT CONTROL SERVER
AND (s.sysadmin = 1 OR sp.permission_name = 'CONTROL SERVER')
ORDER BY p.name
GO

When you run the above script, you will get a result set that includes additional details compared to the original script I shared yesterday. I personally find this new script to be more comprehensive in identifying system administrators, and I highly recommend it to my audience.

As a consultant, when I engage in a Comprehensive Database Performance Health Check, I do not ask for a username and password from my users. Instead, I expect the DBA with whom I am working to have system admin rights. This allows me to guide them through the necessary steps to optimize their SQL Server without taking over their session. I believe this is the best approach to assist users effectively.

Understanding SQL Server permissions is crucial for database administrators and developers alike. By utilizing scripts like the one shared by Chris, you can easily identify users with sysadmin rights and Control Server permission. This knowledge empowers you to manage and secure your SQL Server environment efficiently.

Stay tuned for more SQL Server tips and tricks in future blog posts!

Click to rate this post!

[Total: 0 Average: 0]

Let's work together

Send us a message or book free introductory meeting with us using button below.

Comprehensive 360 Degree Assessment

Data Replication

Performance Optimization

Data Security

Database Migration

Expert Consultation