-
Notifications
You must be signed in to change notification settings - Fork 115
2. Authentication
Sanjiv Kawa edited this page Dec 17, 2024
·
3 revisions
SQLRecon supports five MS SQL authentication types:
- Windows Token (WinToken)
- Windows Domain Credentials (WinDomain)
- Local Credentials (Local)
- Azure EntraID Credentials (EntraID)
- Azure Local Credentials (AzureLocal)
Examples for each authentication type can be found below.
SQLRecon.exe /a:WinToken /h:SQL01 /m:whoami
Expected Output:
[*] Executing the 'whoami' module on SQL01
[*] Logged in as KAWALABS\JSmith
[*] Mapped to the user guest
[*] Server Permissions:
| permission_name |
| ----------------- |
| CONNECT SQL |
| VIEW ANY DATABASE |
[*] Database Access:
| name |
| --------- |
| master |
| tempdb |
| model |
| msdb |
| Customers |
[*] Database Permissions:
| permission_name |
| ----------------------------------------- |
| CONNECT |
| VIEW ANY COLUMN ENCRYPTION KEY DEFINITION |
| VIEW ANY COLUMN MASTER KEY DEFINITION |
[*] Database Roles:
| Role | Membership |
| ----------------- | ---------- |
| public | Yes |
| db_owner | No |
| db_accessadmin | No |
| db_securityadmin | No |
| db_ddladmin | No |
| db_backupoperator | No |
| db_datareader | No |
| db_datawriter | No |
| db_denydatareader | No |
| db_denydatawriter | No |
| sysadmin | No |
| setupadmin | No |
| serveradmin | No |
| securityadmin | No |
| processadmin | No |
| diskadmin | No |
| dbcreator | No |
| bulkadmin | No |
SQLRecon.exe /a:WinDomain /d:kawalabs /h:SQL01 /u:admin /p:Password123 /m:whoami
[*] Executing the 'whoami' module on SQL01
[*] Logged in as KAWALABS\admin
[*] Mapped to the user dbo
[*] Server Permissions:
| permission_name |
| --------------------------------------------- |
| CONNECT SQL |
| SHUTDOWN |
| CREATE ENDPOINT |
| CREATE ANY DATABASE |
| CREATE AVAILABILITY GROUP |
| CREATE LOGIN |
| ALTER ANY LOGIN |
| ALTER ANY CREDENTIAL |
| ALTER ANY ENDPOINT |
| ALTER ANY LINKED SERVER |
| ALTER ANY CONNECTION |
| ALTER ANY DATABASE |
| ALTER RESOURCES |
| ALTER SETTINGS |
| ALTER TRACE |
| ALTER ANY AVAILABILITY GROUP |
| ADMINISTER BULK OPERATIONS |
| AUTHENTICATE SERVER |
| EXTERNAL ACCESS ASSEMBLY |
| VIEW ANY DATABASE |
| VIEW ANY SECURITY DEFINITION |
| VIEW ANY PERFORMANCE DEFINITION |
| VIEW ANY DEFINITION |
| VIEW SERVER SECURITY STATE |
| VIEW SERVER PERFORMANCE STATE |
| VIEW SERVER STATE |
| CREATE DDL EVENT NOTIFICATION |
| CREATE TRACE EVENT NOTIFICATION |
| ALTER ANY EVENT NOTIFICATION |
| ALTER SERVER STATE |
| UNSAFE ASSEMBLY |
| ALTER ANY SERVER AUDIT |
| CREATE SERVER ROLE |
| ALTER ANY SERVER ROLE |
| CREATE ANY EVENT SESSION |
| DROP ANY EVENT SESSION |
| ALTER ANY EVENT SESSION OPTION |
| ALTER ANY EVENT SESSION ADD EVENT |
| ALTER ANY EVENT SESSION DROP EVENT |
| ALTER ANY EVENT SESSION ENABLE |
| ALTER ANY EVENT SESSION DISABLE |
| ALTER ANY EVENT SESSION ADD TARGET |
| ALTER ANY EVENT SESSION DROP TARGET |
| ALTER ANY EVENT SESSION |
| CONNECT ANY DATABASE |
| IMPERSONATE ANY LOGIN |
| SELECT ALL USER SECURABLES |
| VIEW ANY CRYPTOGRAPHICALLY SECURED DEFINITION |
| VIEW ANY ERROR LOG |
| VIEW SERVER SECURITY AUDIT |
| CONTROL SERVER |
[*] Database Access:
| name |
| --------- |
| master |
| tempdb |
| model |
| msdb |
| Customers |
[*] Database Permissions:
| permission_name |
| -------------------------------------------- |
| CREATE TABLE |
| CREATE VIEW |
| CREATE PROCEDURE |
| CREATE FUNCTION |
| CREATE RULE |
| CREATE DEFAULT |
| BACKUP DATABASE |
| BACKUP LOG |
| CREATE DATABASE |
| CREATE TYPE |
| CREATE ASSEMBLY |
| CREATE XML SCHEMA COLLECTION |
| CREATE SCHEMA |
| CREATE SYNONYM |
| CREATE AGGREGATE |
| CREATE ROLE |
| CREATE MESSAGE TYPE |
| CREATE SERVICE |
| CREATE CONTRACT |
| CREATE REMOTE SERVICE BINDING |
| CREATE ROUTE |
| CREATE QUEUE |
| CREATE SYMMETRIC KEY |
| CREATE ASYMMETRIC KEY |
| CREATE EXTERNAL LANGUAGE |
| CREATE EXTERNAL LIBRARY |
| CREATE FULLTEXT CATALOG |
| CREATE CERTIFICATE |
| CREATE DATABASE DDL EVENT NOTIFICATION |
| CREATE USER |
| CONNECT |
| CONNECT REPLICATION |
| CHECKPOINT |
| SUBSCRIBE QUERY NOTIFICATIONS |
| AUTHENTICATE |
| SHOWPLAN |
| ALTER ANY USER |
| ALTER ANY ROLE |
| ALTER ANY APPLICATION ROLE |
| ALTER ANY COLUMN ENCRYPTION KEY |
| ALTER ANY COLUMN MASTER KEY |
| ALTER ANY SCHEMA |
| ALTER ANY ASSEMBLY |
| ALTER ANY DATABASE SCOPED CONFIGURATION |
| ALTER ANY DATASPACE |
| ALTER ANY EXTERNAL DATA SOURCE |
| ALTER ANY EXTERNAL FILE FORMAT |
| ALTER ANY EXTERNAL LIBRARY |
| ALTER ANY EXTERNAL LANGUAGE |
| ALTER ANY EXTERNAL STREAM |
| ALTER ANY EXTERNAL JOB |
| ALTER ANY MESSAGE TYPE |
| ALTER ANY CONTRACT |
| ALTER ANY SERVICE |
| ALTER ANY REMOTE SERVICE BINDING |
| ALTER ANY ROUTE |
| ALTER ANY FULLTEXT CATALOG |
| ALTER ANY SYMMETRIC KEY |
| ALTER ANY ASYMMETRIC KEY |
| ALTER ANY CERTIFICATE |
| ALTER ANY SECURITY POLICY |
| SELECT |
| INSERT |
| UPDATE |
| DELETE |
| REFERENCES |
| EXECUTE |
| ALTER ANY DATABASE DDL TRIGGER |
| ALTER ANY DATABASE EVENT NOTIFICATION |
| ALTER ANY DATABASE AUDIT |
| CREATE ANY DATABASE EVENT SESSION |
| DROP ANY DATABASE EVENT SESSION |
| ALTER ANY DATABASE EVENT SESSION OPTION |
| ALTER ANY DATABASE EVENT SESSION ADD EVENT |
| ALTER ANY DATABASE EVENT SESSION DROP EVENT |
| ALTER ANY DATABASE EVENT SESSION ENABLE |
| ALTER ANY DATABASE EVENT SESSION DISABLE |
| ALTER ANY DATABASE EVENT SESSION ADD TARGET |
| ALTER ANY DATABASE EVENT SESSION DROP TARGET |
| ALTER ANY DATABASE EVENT SESSION |
| KILL DATABASE CONNECTION |
| VIEW ANY COLUMN ENCRYPTION KEY DEFINITION |
| VIEW ANY COLUMN MASTER KEY DEFINITION |
| VIEW DATABASE SECURITY STATE |
| VIEW DATABASE PERFORMANCE STATE |
| VIEW DATABASE STATE |
| VIEW SECURITY DEFINITION |
| VIEW PERFORMANCE DEFINITION |
| VIEW DEFINITION |
| TAKE OWNERSHIP |
| ALTER |
| ALTER ANY MASK |
| UNMASK |
| EXECUTE ANY EXTERNAL SCRIPT |
| ADMINISTER DATABASE BULK OPERATIONS |
| ALTER ANY SENSITIVITY CLASSIFICATION |
| VIEW ANY SENSITIVITY CLASSIFICATION |
| VIEW CRYPTOGRAPHICALLY SECURED DEFINITION |
| ENABLE LEDGER |
| ALTER LEDGER |
| VIEW LEDGER CONTENT |
| EXECUTE ANY EXTERNAL ENDPOINT |
| VIEW DATABASE SECURITY AUDIT |
| ALTER LEDGER CONFIGURATION |
| CONTROL |
[*] Database Roles:
| Role | Membership |
| ----------------- | ---------- |
| public | Yes |
| db_owner | No |
| db_accessadmin | No |
| db_securityadmin | No |
| db_ddladmin | No |
| db_backupoperator | No |
| db_datareader | No |
| db_datawriter | No |
| db_denydatareader | No |
| db_denydatawriter | No |
| sysadmin | Yes |
| setupadmin | Yes |
| serveradmin | Yes |
| securityadmin | Yes |
| processadmin | Yes |
| diskadmin | Yes |
| dbcreator | Yes |
| bulkadmin | Yes |
SQLRecon.exe /a:Local /h:SQL01 /u:sa /p:Password123 /m:whoami
Expected Output:
[*] Executing the 'whoami' module on SQL01
[*] Logged in as sa
[*] Mapped to the user dbo
[*] Server Permissions:
| permission_name |
| --------------------------------------------- |
| CONNECT SQL |
| SHUTDOWN |
| CREATE ENDPOINT |
| CREATE ANY DATABASE |
| CREATE AVAILABILITY GROUP |
| CREATE LOGIN |
| ALTER ANY LOGIN |
| ALTER ANY CREDENTIAL |
| ALTER ANY ENDPOINT |
| ALTER ANY LINKED SERVER |
| ALTER ANY CONNECTION |
| ALTER ANY DATABASE |
| ALTER RESOURCES |
| ALTER SETTINGS |
| ALTER TRACE |
| ALTER ANY AVAILABILITY GROUP |
| ADMINISTER BULK OPERATIONS |
| AUTHENTICATE SERVER |
| EXTERNAL ACCESS ASSEMBLY |
| VIEW ANY DATABASE |
| VIEW ANY SECURITY DEFINITION |
| VIEW ANY PERFORMANCE DEFINITION |
| VIEW ANY DEFINITION |
| VIEW SERVER SECURITY STATE |
| VIEW SERVER PERFORMANCE STATE |
| VIEW SERVER STATE |
| CREATE DDL EVENT NOTIFICATION |
| CREATE TRACE EVENT NOTIFICATION |
| ALTER ANY EVENT NOTIFICATION |
| ALTER SERVER STATE |
| UNSAFE ASSEMBLY |
| ALTER ANY SERVER AUDIT |
| CREATE SERVER ROLE |
| ALTER ANY SERVER ROLE |
| CREATE ANY EVENT SESSION |
| DROP ANY EVENT SESSION |
| ALTER ANY EVENT SESSION OPTION |
| ALTER ANY EVENT SESSION ADD EVENT |
| ALTER ANY EVENT SESSION DROP EVENT |
| ALTER ANY EVENT SESSION ENABLE |
| ALTER ANY EVENT SESSION DISABLE |
| ALTER ANY EVENT SESSION ADD TARGET |
| ALTER ANY EVENT SESSION DROP TARGET |
| ALTER ANY EVENT SESSION |
| CONNECT ANY DATABASE |
| IMPERSONATE ANY LOGIN |
| SELECT ALL USER SECURABLES |
| VIEW ANY CRYPTOGRAPHICALLY SECURED DEFINITION |
| VIEW ANY ERROR LOG |
| VIEW SERVER SECURITY AUDIT |
| CONTROL SERVER |
[*] Database Access:
| name |
| --------- |
| master |
| tempdb |
| model |
| msdb |
| Customers |
[*] Database Permissions:
| permission_name |
| -------------------------------------------- |
| CREATE TABLE |
| CREATE VIEW |
| CREATE PROCEDURE |
| CREATE FUNCTION |
| CREATE RULE |
| CREATE DEFAULT |
| BACKUP DATABASE |
| BACKUP LOG |
| CREATE DATABASE |
| CREATE TYPE |
| CREATE ASSEMBLY |
| CREATE XML SCHEMA COLLECTION |
| CREATE SCHEMA |
| CREATE SYNONYM |
| CREATE AGGREGATE |
| CREATE ROLE |
| CREATE MESSAGE TYPE |
| CREATE SERVICE |
| CREATE CONTRACT |
| CREATE REMOTE SERVICE BINDING |
| CREATE ROUTE |
| CREATE QUEUE |
| CREATE SYMMETRIC KEY |
| CREATE ASYMMETRIC KEY |
| CREATE EXTERNAL LANGUAGE |
| CREATE EXTERNAL LIBRARY |
| CREATE FULLTEXT CATALOG |
| CREATE CERTIFICATE |
| CREATE DATABASE DDL EVENT NOTIFICATION |
| CREATE USER |
| CONNECT |
| CONNECT REPLICATION |
| CHECKPOINT |
| SUBSCRIBE QUERY NOTIFICATIONS |
| AUTHENTICATE |
| SHOWPLAN |
| ALTER ANY USER |
| ALTER ANY ROLE |
| ALTER ANY APPLICATION ROLE |
| ALTER ANY COLUMN ENCRYPTION KEY |
| ALTER ANY COLUMN MASTER KEY |
| ALTER ANY SCHEMA |
| ALTER ANY ASSEMBLY |
| ALTER ANY DATABASE SCOPED CONFIGURATION |
| ALTER ANY DATASPACE |
| ALTER ANY EXTERNAL DATA SOURCE |
| ALTER ANY EXTERNAL FILE FORMAT |
| ALTER ANY EXTERNAL LIBRARY |
| ALTER ANY EXTERNAL LANGUAGE |
| ALTER ANY EXTERNAL STREAM |
| ALTER ANY EXTERNAL JOB |
| ALTER ANY MESSAGE TYPE |
| ALTER ANY CONTRACT |
| ALTER ANY SERVICE |
| ALTER ANY REMOTE SERVICE BINDING |
| ALTER ANY ROUTE |
| ALTER ANY FULLTEXT CATALOG |
| ALTER ANY SYMMETRIC KEY |
| ALTER ANY ASYMMETRIC KEY |
| ALTER ANY CERTIFICATE |
| ALTER ANY SECURITY POLICY |
| SELECT |
| INSERT |
| UPDATE |
| DELETE |
| REFERENCES |
| EXECUTE |
| ALTER ANY DATABASE DDL TRIGGER |
| ALTER ANY DATABASE EVENT NOTIFICATION |
| ALTER ANY DATABASE AUDIT |
| CREATE ANY DATABASE EVENT SESSION |
| DROP ANY DATABASE EVENT SESSION |
| ALTER ANY DATABASE EVENT SESSION OPTION |
| ALTER ANY DATABASE EVENT SESSION ADD EVENT |
| ALTER ANY DATABASE EVENT SESSION DROP EVENT |
| ALTER ANY DATABASE EVENT SESSION ENABLE |
| ALTER ANY DATABASE EVENT SESSION DISABLE |
| ALTER ANY DATABASE EVENT SESSION ADD TARGET |
| ALTER ANY DATABASE EVENT SESSION DROP TARGET |
| ALTER ANY DATABASE EVENT SESSION |
| KILL DATABASE CONNECTION |
| VIEW ANY COLUMN ENCRYPTION KEY DEFINITION |
| VIEW ANY COLUMN MASTER KEY DEFINITION |
| VIEW DATABASE SECURITY STATE |
| VIEW DATABASE PERFORMANCE STATE |
| VIEW DATABASE STATE |
| VIEW SECURITY DEFINITION |
| VIEW PERFORMANCE DEFINITION |
| VIEW DEFINITION |
| TAKE OWNERSHIP |
| ALTER |
| ALTER ANY MASK |
| UNMASK |
| EXECUTE ANY EXTERNAL SCRIPT |
| ADMINISTER DATABASE BULK OPERATIONS |
| ALTER ANY SENSITIVITY CLASSIFICATION |
| VIEW ANY SENSITIVITY CLASSIFICATION |
| VIEW CRYPTOGRAPHICALLY SECURED DEFINITION |
| ENABLE LEDGER |
| ALTER LEDGER |
| VIEW LEDGER CONTENT |
| EXECUTE ANY EXTERNAL ENDPOINT |
| VIEW DATABASE SECURITY AUDIT |
| ALTER LEDGER CONFIGURATION |
| CONTROL |
[*] Database Roles:
| Role | Membership |
| ----------------- | ---------- |
| public | Yes |
| db_owner | No |
| db_accessadmin | No |
| db_securityadmin | No |
| db_ddladmin | No |
| db_backupoperator | No |
| db_datareader | No |
| db_datawriter | No |
| db_denydatareader | No |
| db_denydatawriter | No |
| sysadmin | Yes |
| setupadmin | Yes |
| serveradmin | Yes |
| securityadmin | Yes |
| processadmin | Yes |
| diskadmin | Yes |
| dbcreator | Yes |
| bulkadmin | Yes |
SQLRecon.exe /a:EntraID /h:sqlrecon.database.windows.net /d:domainabc.onmicrosoft.com /u:jsmith /p:Password123 /m:whoami
Expected Output:
[*] Executing the 'whoami' module on sqlrecon.database.windows.net
[*] Logged in as jsmith@sqlrecontest.onmicrosoft.com
[*] Mapped to the user jsmith@sqlrecontest.onmicrosoft.com
[*] Server Permissions:
| permission_name |
| ----------------- |
| CONNECT SQL |
| VIEW ANY DATABASE |
[*] Database Access:
| name |
| --------- |
| master |
| tempdb |
| model |
| msdb |
| Customers |
[*] Database Permissions:
| permission_name |
| ----------------------------------------- |
| CONNECT |
| VIEW ANY COLUMN ENCRYPTION KEY DEFINITION |
| VIEW ANY COLUMN MASTER KEY DEFINITION |
[*] Database Roles:
| Role | Membership |
| ----------------- | ---------- |
| public | Yes |
| db_owner | No |
| db_accessadmin | No |
| db_securityadmin | No |
| db_ddladmin | No |
| db_backupoperator | No |
| db_datareader | No |
| db_datawriter | No |
| db_denydatareader | No |
| db_denydatawriter | No |
| sysadmin | No |
| setupadmin | No |
| serveradmin | No |
| securityadmin | No |
| processadmin | No |
| diskadmin | No |
| dbcreator | No |
| bulkadmin | No |
SQLRecon.exe /a:AzureLocal /h:sqlrecon.database.windows.net /u:sa /p:Password123 /m:whoami
Expected Output:
[*] Executing the 'whoami' module on sqlrecon.database.windows.net
[*] Logged in as sa
[*] Mapped to the user dbo
[*] Server Permissions:
| permission_name |
| --------------------------------------------- |
| CONNECT SQL |
| SHUTDOWN |
| CREATE ENDPOINT |
| CREATE ANY DATABASE |
| CREATE AVAILABILITY GROUP |
| CREATE LOGIN |
| ALTER ANY LOGIN |
| ALTER ANY CREDENTIAL |
| ALTER ANY ENDPOINT |
| ALTER ANY LINKED SERVER |
| ALTER ANY CONNECTION |
| ALTER ANY DATABASE |
| ALTER RESOURCES |
| ALTER SETTINGS |
| ALTER TRACE |
| ALTER ANY AVAILABILITY GROUP |
| ADMINISTER BULK OPERATIONS |
| AUTHENTICATE SERVER |
| EXTERNAL ACCESS ASSEMBLY |
| VIEW ANY DATABASE |
| VIEW ANY SECURITY DEFINITION |
| VIEW ANY PERFORMANCE DEFINITION |
| VIEW ANY DEFINITION |
| VIEW SERVER SECURITY STATE |
| VIEW SERVER PERFORMANCE STATE |
| VIEW SERVER STATE |
| CREATE DDL EVENT NOTIFICATION |
| CREATE TRACE EVENT NOTIFICATION |
| ALTER ANY EVENT NOTIFICATION |
| ALTER SERVER STATE |
| UNSAFE ASSEMBLY |
| ALTER ANY SERVER AUDIT |
| CREATE SERVER ROLE |
| ALTER ANY SERVER ROLE |
| CREATE ANY EVENT SESSION |
| DROP ANY EVENT SESSION |
| ALTER ANY EVENT SESSION OPTION |
| ALTER ANY EVENT SESSION ADD EVENT |
| ALTER ANY EVENT SESSION DROP EVENT |
| ALTER ANY EVENT SESSION ENABLE |
| ALTER ANY EVENT SESSION DISABLE |
| ALTER ANY EVENT SESSION ADD TARGET |
| ALTER ANY EVENT SESSION DROP TARGET |
| ALTER ANY EVENT SESSION |
| CONNECT ANY DATABASE |
| IMPERSONATE ANY LOGIN |
| SELECT ALL USER SECURABLES |
| VIEW ANY CRYPTOGRAPHICALLY SECURED DEFINITION |
| VIEW ANY ERROR LOG |
| VIEW SERVER SECURITY AUDIT |
| CONTROL SERVER |
[*] Database Access:
| name |
| --------- |
| master |
| tempdb |
| model |
| msdb |
| Customers |
[*] Database Permissions:
| permission_name |
| -------------------------------------------- |
| CREATE TABLE |
| CREATE VIEW |
| CREATE PROCEDURE |
| CREATE FUNCTION |
| CREATE RULE |
| CREATE DEFAULT |
| BACKUP DATABASE |
| BACKUP LOG |
| CREATE DATABASE |
| CREATE TYPE |
| CREATE ASSEMBLY |
| CREATE XML SCHEMA COLLECTION |
| CREATE SCHEMA |
| CREATE SYNONYM |
| CREATE AGGREGATE |
| CREATE ROLE |
| CREATE MESSAGE TYPE |
| CREATE SERVICE |
| CREATE CONTRACT |
| CREATE REMOTE SERVICE BINDING |
| CREATE ROUTE |
| CREATE QUEUE |
| CREATE SYMMETRIC KEY |
| CREATE ASYMMETRIC KEY |
| CREATE EXTERNAL LANGUAGE |
| CREATE EXTERNAL LIBRARY |
| CREATE FULLTEXT CATALOG |
| CREATE CERTIFICATE |
| CREATE DATABASE DDL EVENT NOTIFICATION |
| CREATE USER |
| CONNECT |
| CONNECT REPLICATION |
| CHECKPOINT |
| SUBSCRIBE QUERY NOTIFICATIONS |
| AUTHENTICATE |
| SHOWPLAN |
| ALTER ANY USER |
| ALTER ANY ROLE |
| ALTER ANY APPLICATION ROLE |
| ALTER ANY COLUMN ENCRYPTION KEY |
| ALTER ANY COLUMN MASTER KEY |
| ALTER ANY SCHEMA |
| ALTER ANY ASSEMBLY |
| ALTER ANY DATABASE SCOPED CONFIGURATION |
| ALTER ANY DATASPACE |
| ALTER ANY EXTERNAL DATA SOURCE |
| ALTER ANY EXTERNAL FILE FORMAT |
| ALTER ANY EXTERNAL LIBRARY |
| ALTER ANY EXTERNAL LANGUAGE |
| ALTER ANY EXTERNAL STREAM |
| ALTER ANY EXTERNAL JOB |
| ALTER ANY MESSAGE TYPE |
| ALTER ANY CONTRACT |
| ALTER ANY SERVICE |
| ALTER ANY REMOTE SERVICE BINDING |
| ALTER ANY ROUTE |
| ALTER ANY FULLTEXT CATALOG |
| ALTER ANY SYMMETRIC KEY |
| ALTER ANY ASYMMETRIC KEY |
| ALTER ANY CERTIFICATE |
| ALTER ANY SECURITY POLICY |
| SELECT |
| INSERT |
| UPDATE |
| DELETE |
| REFERENCES |
| EXECUTE |
| ALTER ANY DATABASE DDL TRIGGER |
| ALTER ANY DATABASE EVENT NOTIFICATION |
| ALTER ANY DATABASE AUDIT |
| CREATE ANY DATABASE EVENT SESSION |
| DROP ANY DATABASE EVENT SESSION |
| ALTER ANY DATABASE EVENT SESSION OPTION |
| ALTER ANY DATABASE EVENT SESSION ADD EVENT |
| ALTER ANY DATABASE EVENT SESSION DROP EVENT |
| ALTER ANY DATABASE EVENT SESSION ENABLE |
| ALTER ANY DATABASE EVENT SESSION DISABLE |
| ALTER ANY DATABASE EVENT SESSION ADD TARGET |
| ALTER ANY DATABASE EVENT SESSION DROP TARGET |
| ALTER ANY DATABASE EVENT SESSION |
| KILL DATABASE CONNECTION |
| VIEW ANY COLUMN ENCRYPTION KEY DEFINITION |
| VIEW ANY COLUMN MASTER KEY DEFINITION |
| VIEW DATABASE SECURITY STATE |
| VIEW DATABASE PERFORMANCE STATE |
| VIEW DATABASE STATE |
| VIEW SECURITY DEFINITION |
| VIEW PERFORMANCE DEFINITION |
| VIEW DEFINITION |
| TAKE OWNERSHIP |
| ALTER |
| ALTER ANY MASK |
| UNMASK |
| EXECUTE ANY EXTERNAL SCRIPT |
| ADMINISTER DATABASE BULK OPERATIONS |
| ALTER ANY SENSITIVITY CLASSIFICATION |
| VIEW ANY SENSITIVITY CLASSIFICATION |
| VIEW CRYPTOGRAPHICALLY SECURED DEFINITION |
| ENABLE LEDGER |
| ALTER LEDGER |
| VIEW LEDGER CONTENT |
| EXECUTE ANY EXTERNAL ENDPOINT |
| VIEW DATABASE SECURITY AUDIT |
| ALTER LEDGER CONFIGURATION |
| CONTROL |
[*] Database Roles:
| Role | Membership |
| ----------------- | ---------- |
| public | Yes |
| db_owner | No |
| db_accessadmin | No |
| db_securityadmin | No |
| db_ddladmin | No |
| db_backupoperator | No |
| db_datareader | No |
| db_datawriter | No |
| db_denydatareader | No |
| db_denydatawriter | No |
| sysadmin | Yes |
| setupadmin | Yes |
| serveradmin | Yes |
| securityadmin | Yes |
| processadmin | Yes |
| diskadmin | Yes |
| dbcreator | Yes |
| bulkadmin | Yes |