Tag Archives: #TechBlog

Standard

Posted by

Posted on

January 9, 2024

Posted under

AlwaysON, Tsql

Comments

Leave a comment

Querying Connect Permissions on Endpoints in SQL Server

Introduction πŸš€

Securing your SQL Server environment involves a meticulous examination of permissions granted to various entities. In this blog post, we’ll explore a T-SQL script designed to query if endpoints have been granted connect permissions. Understanding and managing these permissions is crucial for maintaining a secure and well-configured SQL Server infrastructure.

Requirements πŸ› οΈ

Before using the T-SQL script, make sure you have the following prerequisites:

  1. SQL Server Endpoints: The script is designed for environments with configured endpoints.
  2. Permissions: The account executing the script should have sufficient permissions to query the necessary system views (sys.server_permissions, sys.server_principals, and sys.tcp_endpoints).

T-SQL Script πŸ“œ

Use the following T-SQL script to determine if endpoints have connect permissions:

SELECT

    perm.class_desc,

    prin.name,

    perm.permission_name,

    perm.state_desc,

    prin.type_desc as PrincipalType,

    prin.is_disabled

FROM

    sys.server_permissions perm

LEFT JOIN

    sys.server_principals prin ON perm.grantee_principal_id = prin.principal_id

LEFT JOIN

    sys.tcp_endpoints tep ON perm.major_id = tep.endpoint_id

WHERE

    perm.class_desc = 'ENDPOINT'

    AND perm.permission_name = 'CONNECT'

    AND tep.type = 4;

This script retrieves information about connect permissions on endpoints, including details about the principal, permission state, and principal type.

Conclusion πŸŽ‰

Checking connect permissions on SQL Server endpoints is a critical step in ensuring a secure database environment. By utilizing the provided T-SQL script, database administrators can easily identify whether connect permissions have been granted to specific entities.

Regularly auditing and managing these permissions is essential for maintaining the integrity of your SQL Server infrastructure. May your endpoints always be secure, and your data remain protected! πŸ”’

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided β€œAS IS” with no warranties, and confers no rights.

Standard

Posted by

Posted on

January 2, 2024

Posted under

AlwaysON, Tsql

Comments

Leave a comment

Identifying Login Permissions on Always On Endpoint with T-SQL

Introduction πŸš€

Security is paramount in a SQL Server environment, especially when dealing with high availability solutions like Always On Availability Groups. In this blog post, we’ll explore a T-SQL script designed to identify which logins have been granted permissions on Always On endpoints. Understanding these permissions is crucial for maintaining a secure and well-configured SQL Server infrastructure.

Requirements πŸ› οΈ

Before using the T-SQL script, ensure that the following requirements are met:

  1. SQL Server Always On: The script is designed for environments with configured Always On Availability Groups.
  2. Permissions: The account executing the script should have sufficient permissions to query the necessary system views (sys.server_permissions and sys.endpoints).

T-SQL Script πŸ“œ

Use the following T-SQL script to identify login permissions on Always On endpoints:

-- Metadata Check

SELECT 'Metadata Check';



SELECT

    EP.name,

    SP.STATE,

    CONVERT(nvarchar(38), suser_name(SP.grantor_principal_id)) AS GRANTOR,

    SP.TYPE AS PERMISSION,

    CONVERT(nvarchar(46), suser_name(SP.grantee_principal_id)) AS GRANTEE

FROM

    sys.server_permissions SP, sys.endpoints EP

WHERE

    SP.major_id = EP.endpoint_id

ORDER BY

    PERMISSION, GRANTOR, GRANTEE;

This script retrieves information about the state, grantor, and grantee of permissions on endpoints related to Always On Availability Groups.

Conclusion πŸŽ‰

Ensuring the correct permissions on Always On endpoints is a critical aspect of securing your SQL Server environment. By running the provided T-SQL script, database administrators can quickly identify which logins have been granted permissions, allowing for a comprehensive security review.

Regularly review and audit these permissions to maintain a secure configuration, especially in environments where access control is crucial. May your SQL Server environment always be fortified against unauthorized access! πŸ”’

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided β€œAS IS” with no warranties, and confers no rights.

Standard

Posted by

Posted on

December 26, 2023

Posted under

AlwaysON, Tsql

Comments

Leave a comment

Exploring Always On Availability Replica Details and Database Health

Introduction πŸš€

Maintaining the health and performance of your SQL Server Availability Groups (AG) is essential for a resilient database infrastructure. In this blog post, we’ll delve into a T-SQL script designed to retrieve detailed information about your AG replicas and the associated database health. This script provides a comprehensive overview of key metrics, allowing database administrators to monitor and ensure the robustness of their AG configurations.

Requirements πŸ› οΈ

Before using the T-SQL script, ensure that the following requirements are met:

  1. SQL Server Availability Groups: The script is designed for environments with configured Availability Groups.
  2. Permissions: The account executing the script should have sufficient permissions to query the necessary dynamic management views.

T-SQL Script πŸ“œ

Use the following T-SQL script to obtain detailed information about your AG replicas and database health:

SELECT 

    ar.replica_server_name, 

    adc.database_name, 

    ag.name AS ag_name, 

    CASE HDRS.is_primary_replica

        WHEN 1 THEN 'Primary Replica'

        ELSE 'Secondary Replica'

    END AS Replica,

    HDRS.synchronization_state_desc, 

    HDRS.synchronization_health_desc, 

    HDRS.recovery_lsn, 

    HDRS.truncation_lsn, 

    HDRS.last_sent_lsn, 

    HDRS.last_sent_time, 

    HDRS.last_received_lsn, 

    HDRS.last_received_time, 

    HDRS.last_hardened_lsn, 

    HDRS.last_hardened_time, 

    HDRS.last_redone_lsn, 

    HDRS.last_redone_time, 

    HDRS.log_send_queue_size, 

    HDRS.log_send_rate, 

    HDRS.redo_queue_size, 

    HDRS.redo_rate, 

    HDRS.filestream_send_rate, 

    HDRS.end_of_log_lsn, 

    HDRS.last_commit_lsn, 

    HDRS.last_commit_time

FROM sys.dm_hadr_database_replica_states AS HDRS

INNER JOIN sys.availability_databases_cluster AS adc 

    ON HDRS.group_id = adc.group_id AND 

    HDRS.group_database_id = adc.group_database_id

INNER JOIN sys.availability_groups AS ag

    ON ag.group_id = HDRS.group_id

INNER JOIN sys.availability_replicas AS ar 

    ON HDRS.group_id = ar.group_id AND 

    HDRS.replica_id = ar.replica_id

This script combines data from various system views to present a holistic view of your AG configuration and the health status of associated databases.

Conclusion πŸŽ‰

Effectively managing your SQL Server Availability Groups involves not only understanding the configuration details but also regularly monitoring the health of replicas and databases. By utilizing the provided T-SQL script, database administrators can proactively identify and address potential issues, ensuring the continuous availability and reliability of their databases.

Regularly run this script and incorporate the insights gained into your monitoring routine to keep your SQL Server environment robust and resilient. May your databases always be available and your replicas in sync! πŸ’ͺ

Thank You,
Vivek Janakiraman

Disclaimer:
The views expressed on this blog are mine alone and do not reflect the views of my company or anyone else. All postings on this blog are provided β€œAS IS” with no warranties, and confers no rights.