USE [HCITools]
GO
/* Re-deploy pattern: drop the existing [dba].[sp_ddl_sysadmin] (if any) before CREATE */
IF EXISTS (SELECT * FROM sys.objects o JOIN sys.schemas s ON o.schema_id = s.schema_id WHERE o.name = 'sp_ddl_sysadmin' AND OBJECTPROPERTY(object_id,N'IsProcedure') = 1 AND s.name = 'dba')
DROP PROCEDURE [dba].[sp_ddl_sysadmin]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
CREATE PROCEDURE [dba].[sp_ddl_sysadmin]
AS
/*=============================================================================
Description of the processing done by this SP
---------------------------------------------
This SP is run every day and checks the DDL audit log for events that add or
create a sysadmin login. The results are sent by e-mail.

Parameters
----------
(none)

Creation      : 17.09.2019 / SPE
Modifications :
  21.10.2020 / SPE : Exclude dba login from resultset
  09.02.2021 / SPE : #TFS62610# - Update all mail configurations to avoid SPAM
  17.03.2022 / FLA : Change DBA mail
  17.08.2023 / SPE : OCTPDBA-726: Replace mail profile name APSSQL_MAIL_PROFILE into AzureManagedInstance_dbmail_profile to be SQL managed instances compatible
=============================================================================*/
SET NOCOUNT ON;
/*------------------- Variable declarations --------------------*/
/* NOTE(review): @totAlerts is declared but never read or written below. */
DECLARE @errno int, @cvCurrentOrganizationalUnit int, @subsidiary_id int, @totAlerts int, @totDDL int, @html nvarchar(max), @errmsg varchar(255), @email varchar(255), @subject varchar(255), @out_default_value varchar(60), @format varchar(60), @mailImportance varchar(6), @ou varchar(3)
/*-------------------------- Processing ---------------------------*/
BEGIN TRY
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 1 : RETRIEVE FORMAT AND OU CODE /////////////////////////////////////////////////// */
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* @format and @ou only label the mail subject/body; every lookup failure leaves the SP through error_99 with errno 70001. */
IF EXISTS(SELECT 1 FROM [master].[cfg].[InstanceContext] WHERE Business = 'TPPHAR')
BEGIN
/* Get the cvCurrentOrganizationalUnit */
EXEC arizona.dbo.sp_bmc_Bmc_Applic_Default @in_job_type = 3, @in_param_int_1 = null, @in_param_int_2 = null, @in_param_varchar_1 = 'cvCurrentOrganizationalUnit', @out_default_value = @out_default_value OUTPUT, @out_param_int_1 = null;
SELECT @cvCurrentOrganizationalUnit = convert(int,@out_default_value);
/* Check if we have a value, if not leave this SP */
IF @cvCurrentOrganizationalUnit is null
BEGIN
SELECT @errno = 70001, @errmsg = '(APS) Error cvCurrentOrganizationalUnit does not exist!';
goto error_99;
END
/* Get the subsidiary id and OU code (dirty read is acceptable here: configuration data, not audit data) */
SELECT @subsidiary_id = ou.OU_subsidiary, @ou = ou.OU_Code FROM arizona.dbo.Organizational_unit ou with (nolock) WHERE ou.Organizational_unit_ID = @cvCurrentOrganizationalUnit;
/* Check if we have a value, if not leave this SP */
IF @subsidiary_id is null
BEGIN
SELECT @errno = 70001, @errmsg = '(APS) Error subsidiary_id does not exist!';
goto error_99;
END
/* Get the current format */
SELECT @format = sub.SUB_code FROM arizona.dbo.Subsidiary sub with (nolock) WHERE sub.Subsidiary_ID = @subsidiary_id;
/* Check if we have a value, if not leave this SP */
IF @format is null
BEGIN
SELECT @errno = 70001, @errmsg = '(APS) Error format does not exist!';
goto error_99;
END
/* Change the value into a compatible format (fixed code mapping; any other SUB_code is kept as-is) */
IF @format = 'COOP' BEGIN SET @format = 'CVI' END
IF @format = 'CENT' BEGIN SET @format = 'SUN' END
IF @format = '000' BEGIN SET @format = 'AAI' END
END
ELSE
BEGIN
/* Non-TPPHAR instance: label the mail with the instance DNS alias and no OU suffix */
SELECT @format = DnsAlias FROM [master].[cfg].[Identity]
SET @ou = ''
END
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 2 : RETRIEVE DDL EVENTS /////////////////////////////////////////////////// */
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* Insert into #DDLSysadminLog temp table all DDL events of type LOGIN (SYSADMIN) for the last 24 hours.
   Detection notes (defender's view):
   - The CommandText filter '%sysadmin%add%' only matches statements where 'add' appears AFTER 'sysadmin'
     (e.g. ALTER SERVER ROLE sysadmin ADD MEMBER ...). A command that names the role after the word 'add'
     would not match this pattern - TODO confirm which event shapes [master].[dba].[DDL_audit] actually
     stores for role-membership changes before relying on this as the only sysadmin-grant control.
   - Events executed by the 'dba' login are deliberately excluded (see 21.10.2020 history entry); any grant
     performed under that login is therefore NOT reported by this SP.
   - PostTime is extracted as NVARCHAR(MAX) and compared with a datetime expression, so it is implicitly
     converted; this relies on the stored PostTime being in a format SQL Server can convert.
   - The ORDER BY on a SELECT ... INTO does not define the order of rows in the temp table; the mail
     query below has no ORDER BY of its own, so row order in the report is not guaranteed. */
SELECT DA_App_Name, DA_Host_Name, DA_Event_Xml.value('(./EVENT_INSTANCE/PostTime)[1]','NVARCHAR(MAX)') AS PostTime, DA_Event_Xml.value('(./EVENT_INSTANCE/SPID)[1]','NVARCHAR(MAX)') AS SPID, DA_Event_Xml.value('(./EVENT_INSTANCE/ServerName)[1]','NVARCHAR(MAX)') AS ServerName, DA_Event_Xml.value('(./EVENT_INSTANCE/LoginName)[1]','NVARCHAR(MAX)') AS LoginName, DA_Event_Xml.value('(./EVENT_INSTANCE/ObjectName)[1]','NVARCHAR(MAX)') AS ObjectName
INTO #DDLSysadminLog
FROM [master].[dba].[DDL_audit]
WHERE DA_Event_Xml.value('(./EVENT_INSTANCE/ObjectType)[1]','NVARCHAR(MAX)') = 'LOGIN'
AND DA_Event_Xml.value('(./EVENT_INSTANCE/TSQLCommand/CommandText)[1]','NVARCHAR(MAX)') like '%sysadmin%add%'
AND DA_Event_Xml.value('(./EVENT_INSTANCE/PostTime)[1]','NVARCHAR(MAX)') > GETDATE()-1
AND DA_Event_Xml.value('(./EVENT_INSTANCE/LoginName)[1]','NVARCHAR(MAX)') <> 'dba'
ORDER BY DA_Event_Xml.value('(./EVENT_INSTANCE/PostTime)[1]','NVARCHAR(MAX)') DESC
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 3 : CREATE AND SEND MAIL /////////////////////////////////////////////////// */
/* ------------------------------------------------------------------------------------------------------------------------------------- */
/* Count total critical alerts and set mail level (importance is always 'High'; a mail is sent only when at least one event was found) */
SELECT @totDDL = COUNT(*) FROM #DDLSysadminLog AL
SET @mailImportance = 'High'
IF @totDDL > 0
BEGIN
/* Recipient list comes from the DBA mailing table. NOTE(review): if no 'DBA_operator' row exists, @email
   stays NULL and sp_send_dbmail is expected to fail inside the TRY, surfacing as errno 70003 via the CATCH. */
SELECT @email = DML_Recipients FROM HCITools.dbo.DBA_Mailing_list WHERE DML_Code = 'DBA_operator'
/* Subject: "<format><ou>: <n> sysadmin account granted!!! - [<server>]" (the literal below spans two lines on purpose) */
SET @subject = @format+@ou+': ' + convert(varchar,@totDDL) + ' sysadmin account granted!!! 
- [' + @@SERVERNAME + ']'
/* HTML body: one table row per audit event, built with the FOR XML PATH('tr') idiom; the empty '' columns
   between the 'td' cells are what keep each cell as a separate <td> element. FOR XML entitizes the cell
   values, so login/object/application names containing markup characters are escaped in the mail.
   NOTE(review): the surrounding HTML markup (table/header tags) appears to be missing from the string
   literals in this copy of the file - TODO confirm against the deployed version of the procedure. */
SET @HTML = N'Server: ' + @format+@ou+'
List of all sysadmin accounts granted for the last day:

' + N'' + CAST(( SELECT 'CRITICAL' AS 'td','',AL.DA_App_Name AS 'td','', DA_Host_Name AS 'td','', PostTime AS 'td','', SPID AS 'td','', ServerName AS 'td','', isnull(LoginName,'') AS 'td','', isnull(ObjectName,'') AS 'td','' FROM #DDLSysadminLog AL FOR XML PATH('tr'), ELEMENTS ) AS NVARCHAR(MAX)) + N'
AlertLevelApplication NameHost NameModified dateSPIDServer NameLogin NameObject set as SYSADMIN
' ;
/* Get default mailbox profile name (replaces the hard-coded profile name, see 17.08.2023 history entry).
   NOTE(review): if more than one default profile row exists, which name ends up in the variable is not defined. */
DECLARE @defaultprofilname varchar(100)
SELECT DISTINCT @defaultprofilname = p.name FROM msdb.dbo.sysmail_profile p JOIN msdb.dbo.sysmail_principalprofile pp ON pp.profile_id = p.profile_id AND pp.is_default = 1
/* SEND MAIL */
EXEC msdb.dbo.sp_send_dbmail @profile_name = @defaultprofilname, @recipients = @email, @body = @html, @importance = @mailImportance, @subject = @subject, @body_format = 'HTML';
END
/* Drop temp tables (only reached on the success path; the temp table is scoped to this procedure in any case) */
DROP TABLE #DDLSysadminLog
END TRY
BEGIN CATCH
/* Any runtime error is re-raised below as errno 70003 with the original message appended */
SELECT @errno = 70003, @errmsg = 'error on sp_ddl_sysadmin! ' + error_message()
goto error_99
END CATCH;
/*------------------ Return to the calling program -----------------*/
/* On the success path @@error reflects the last statement executed, i.e. 0 */
RETURN(@@error);
/*---------------------- Error handling ----------------------*/
/* Single exit point for all failures: raise @errmsg at severity 16 and return the error number */
error_99:
RAISERROR (@errmsg, 16, 1);
RETURN(@errno);
GO