I’ve a developper that simply unintentionally ran an UPDATE and ALTER TABLE script he was engaged on in a manufacturing database as a substitute of the developement environement.
How can I observe down what safety group allowed such a conduct? I’ve the AD login used, in addition to the goal database.
I may go the good distance round, wanting into each single AD group and sub-group this consumer is a member of, and test for every one if it grants some sort of safety in my SQL server. However it will take hours. And that may solely cowl one consumer out of a dozen.
I wish to observe permissions (apart from READ or VIEW DEFINITION), and their AD members. Both deciding on an AD consumer and look throu what they’ve entry to, or the opposite approach round, deciding on a database and getting everybody that has entry to to it (and the way).
I can deal with a Powershell resolution too if somebody has some code to share (PS beginner).