Permission Security Checks control the permissions for objects and roles.

The following Permissions Security Checks are available in the Configure the Policy section:

| Name | Description |
| --- | --- |
| Agent Job Execution | Determine whether only administrators can execute SQL Agent CmdExec Jobs |
| ALTER TRACE Permission Granted To Unauthorized Users | Determine whether unauthorized users have been granted the ALTER TRACE permission on SQL Server 2005 or later |
| CONTROL SERVER Permission Granted To Unauthorized Users | Determine whether unauthorized users have been granted the CONTROL SERVER permission on SQL Server 2005 or later |
| Database File Owners Not Acceptable | Determine whether SQL Server database files have unapproved owners |
| Database File Permissions Not Acceptable | Determine whether users have unapproved access to SQL Server database files |
| Database Files Missing Required Administrative Permissions | Determine whether the required administrative accounts have access to all database files |
| Direct Access Permissions | Check for logins that have had server-level permissions granted directly to them. |
| Ensure public role is not granted access SQL Agent proxies in msdb database | Determine whether the public role is granted access to SQL Agent proxies |
| Everyone Database File Access | Determine whether the Everyone group has access to SQL Server database files |
| Everyone System Table Access | Determine whether the Everyone group has read access to system tables on the SQL Server |
| Executable File Owners Not Acceptable | Determine whether SQL Server executable files have unapproved owners |
| Executable File Permissions Not Acceptable | Determine whether users have unapproved access to SQL Server executable files |
| Executable Files Missing Required Administrative Permissions | Determine whether the required administrative accounts have access to all executable files (any .exe or .dll file) |
| Integration Services Roles Have Dangerous Security Principals | Determine whether dangerous security principals belong to any SQL Server Integration Services (SSIS) database roles. |
| Integration Services Roles Permissions Not Acceptable | Determine whether unapproved roles have been granted permissions on an Integration Services stored procedure. |
| Integration Services Users Permissions Not Acceptable | Determine whether unapproved users have been granted permissions on an Integration Services stored procedure. |
| Limit Propagation of access rights | Check for users that have GRANT_WITH_GRANT_OPTION, as they can grant those rights to other users. |
| Public Database Role Has Permissions | Determine whether the public database role has any permissions |
| Public Role Has Permissions on User Database Objects | Determine whether the public database role has been granted permissions on user database objects. |
| Public Server Role Has Permissions | Determine whether the public server role has been granted permissions |
| Public Server Role only granted default Microsoft permissions | Determine whether the public server role has only the default permissions granted by Microsoft. In keeping with the principle of least privilege, the public server role should not be used to grant permissions at the server scope, as these would be inherited by all users. |
| Registry Key Owners Not Acceptable | Determine whether registry keys that can affect SQL Server security have unapproved owners |
| Registry Key Permissions Not Acceptable | Determine whether users have unapproved access to registry keys |
| Registry Keys Missing Required Administrative Permissions | Determine whether the required administrative accounts have access to all SQL Server registry keys |
| Sysadmins Own Databases | Determine whether any databases are owned by a system administrator |