sql-scripts/TPDT-268 - ACP in task sequence/dba_storedProcedures/sp_ddl_sysadmin.sql
2024-03-07 16:52:14 +01:00


-- Deployment preamble: select the database that holds the [dba] schema.
USE [HCITools]
GO
-- Remove any earlier version of the procedure so the CREATE below succeeds.
-- Dropping the object also discards permissions granted on it, so EXECUTE
-- grants must be re-applied by the deployment after this script runs.
IF EXISTS (
    SELECT 1
    FROM sys.objects AS o
    INNER JOIN sys.schemas AS s
        ON s.schema_id = o.schema_id
    WHERE s.name = 'dba'
      AND o.name = 'sp_ddl_sysadmin'
      AND OBJECTPROPERTY(o.object_id, N'IsProcedure') = 1
)
    DROP PROCEDURE [dba].[sp_ddl_sysadmin]
GO
-- Both settings are captured when the procedure is created.
SET ANSI_NULLS ON
GO
-- QUOTED_IDENTIFIER must be ON for the xml .value() calls used by the procedure.
SET QUOTED_IDENTIFIER ON
GO
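CREATE PROCEDURE [dba].[sp_ddl_sysadmin]
AS
/*=============================================================================
Description of the processing performed by the SP
-------------------------------------------------
This SP is executed every day and checks for changes that add or create a
sysadmin login. The results are sent by mail.

It reads [master].[dba].[DDL_audit], keeps the LOGIN events of the last day
whose command text matches '%sysadmin%add%', and mails them as an HTML table to
the recipients stored under DML_Code = 'DBA_operator'.

Parameters
----------
None.

Returns
-------
@@error after a normal run. On failure an error of severity 16 is raised and
70001 (context lookup failed) or 70003 (any error caught in the TRY block) is
returned.

Creation : 17.09.2019 / SPE
Modifications : 21.10.2020 / SPE: Exclude dba login from resultset
09.02.2021 / SPE : #TFS62610# - Update all mail configurations to avoid SPAM
17.03.2022 / FLA : Change DBA mail
17.08.2023 / SPE : OCTPDBA-726: Replace mail profile name APSSQL_MAIL_PROFILE into AzureManagedInstance_dbmail_profile to be SQL managed instances compatible
=============================================================================*/
SET NOCOUNT ON;
/*------------------- Variable declarations --------------------*/
DECLARE @errno int,
        @cvCurrentOrganizationalUnit int,
        @subsidiary_id int,
        @totDDL int,
        @html nvarchar(max),
        -- Wide enough to keep the text of error_message() instead of cutting it at 255.
        @errmsg nvarchar(2047),
        @email varchar(255),
        @subject varchar(255),
        @out_default_value varchar(60),
        @format varchar(60),
        @mailImportance varchar(6),
        @ou varchar(3)
/*-------------------------- Processing ---------------------------*/
BEGIN TRY
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    /* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 1 : RETRIEVE FORMAT AND OU CODE /////////////////////////////////////////////////// */
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    IF EXISTS(SELECT 1 FROM [master].[cfg].[InstanceContext] WHERE Business = 'TPPHAR')
    BEGIN
        /* Get the cvCurrentOrganizationalUnit */
        EXEC arizona.dbo.sp_bmc_Bmc_Applic_Default
            @in_job_type = 3,
            @in_param_int_1 = null,
            @in_param_int_2 = null,
            @in_param_varchar_1 = 'cvCurrentOrganizationalUnit',
            @out_default_value = @out_default_value OUTPUT,
            @out_param_int_1 = null;
        SELECT @cvCurrentOrganizationalUnit = convert(int,@out_default_value);
        /* Check if we have a value, if not leave this SP */
        IF @cvCurrentOrganizationalUnit is null
        BEGIN
            SELECT @errno = 70001,
                   @errmsg = '(APS) Error cvCurrentOrganizationalUnit does not exist!';
            goto error_99;
        END
        /* Get the subsidiary id and OU code */
        SELECT @subsidiary_id = ou.OU_subsidiary, @ou = ou.OU_Code
        FROM arizona.dbo.Organizational_unit ou with (nolock)
        WHERE ou.Organizational_unit_ID = @cvCurrentOrganizationalUnit;
        /* Check if we have a value, if not leave this SP */
        IF @subsidiary_id is null
        BEGIN
            SELECT @errno = 70001,
                   @errmsg = '(APS) Error subsidiary_id does not exist!';
            goto error_99;
        END
        /* Get the current format */
        SELECT @format = sub.SUB_code
        FROM arizona.dbo.Subsidiary sub with (nolock)
        WHERE sub.Subsidiary_ID = @subsidiary_id;
        /* Check if we have a value, if not leave this SP */
        IF @format is null
        BEGIN
            SELECT @errno = 70001,
                   @errmsg = '(APS) Error format does not exist!';
            goto error_99;
        END
        /* Change the value into a compatible format */
        IF @format = 'COOP'
        BEGIN
            SET @format = 'CVI'
        END
        IF @format = 'CENT'
        BEGIN
            SET @format = 'SUN'
        END
        IF @format = '000'
        BEGIN
            SET @format = 'AAI'
        END
    END
    ELSE
    BEGIN
        SELECT @format = DnsAlias FROM [master].[cfg].[Identity]
        SET @ou = ''
    END
    /* A NULL prefix would turn the whole subject and body into NULL through
       string concatenation; a missing alias or OU code must not suppress the alert. */
    SELECT @format = ISNULL(@format, ''),
           @ou = ISNULL(@ou, '');
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    /* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 2 : RETRIEVE DDL EVENTS /////////////////////////////////////////////////// */
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    /* Insert into #DDLSysadminLog temp table all DDL events of type LOGIN (SYSADMIN) for the last 24 hours */
    /* NOTE(review): the grant is recognised by a text match on the captured command only.
       Confirm that every way of granting sysadmin on this instance produces a command
       text this pattern covers, or filter on a structured field of the audit XML. */
    /* NOTE(review): PostTime is read as a string and implicitly converted to datetime
       for the comparison with GETDATE()-1 - confirm the stored format always converts. */
    SELECT DA_App_Name,
           DA_Host_Name,
           DA_Event_Xml.value('(./EVENT_INSTANCE/PostTime)[1]','NVARCHAR(MAX)') AS PostTime,
           DA_Event_Xml.value('(./EVENT_INSTANCE/SPID)[1]','NVARCHAR(MAX)') AS SPID,
           DA_Event_Xml.value('(./EVENT_INSTANCE/ServerName)[1]','NVARCHAR(MAX)') AS ServerName,
           DA_Event_Xml.value('(./EVENT_INSTANCE/LoginName)[1]','NVARCHAR(MAX)') AS LoginName,
           DA_Event_Xml.value('(./EVENT_INSTANCE/ObjectName)[1]','NVARCHAR(MAX)') AS ObjectName
    INTO #DDLSysadminLog
    FROM [master].[dba].[DDL_audit]
    WHERE DA_Event_Xml.value('(./EVENT_INSTANCE/ObjectType)[1]','NVARCHAR(MAX)') = 'LOGIN'
      AND DA_Event_Xml.value('(./EVENT_INSTANCE/TSQLCommand/CommandText)[1]','NVARCHAR(MAX)') like '%sysadmin%add%'
      AND DA_Event_Xml.value('(./EVENT_INSTANCE/PostTime)[1]','NVARCHAR(MAX)') > GETDATE()-1
      /* Events issued by the dba login are excluded on purpose (change of 21.10.2020).
         ISNULL keeps events that carry no LoginName: a bare <> comparison evaluates to
         UNKNOWN for NULL and would silently drop them from the alert. */
      AND ISNULL(DA_Event_Xml.value('(./EVENT_INSTANCE/LoginName)[1]','NVARCHAR(MAX)'), N'') <> 'dba'
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    /* \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 3 : CREATE AND SEND MAIL /////////////////////////////////////////////////// */
    /* ------------------------------------------------------------------------------------------------------------------------------------- */
    /* Count total critical alerts and set mail level */
    SELECT @totDDL = COUNT(*) FROM #DDLSysadminLog AL
    SET @mailImportance = 'High'
    IF @totDDL > 0
    BEGIN
        /* If no row matches, @email stays NULL and sp_send_dbmail fails; the CATCH block reports it. */
        SELECT @email = DML_Recipients
        FROM HCITools.dbo.DBA_Mailing_list
        WHERE DML_Code = 'DBA_operator'
        SET @subject = @format+@ou+': ' + convert(varchar,@totDDL) + ' sysadmin account granted!!! - [' + @@SERVERNAME + ']'
        /* One <tr> per event. The unnamed '' columns keep adjacent 'td' columns from being
           merged into a single element. Values taken from the audit rows are entitized by
           FOR XML, so markup inside them is not interpreted by the mail client; @format and
           @ou are concatenated as-is. Every cell is ISNULL-wrapped because a NULL value
           would omit its <td> and shift the remaining cells under the wrong headers.
           Rows are ordered here: an ORDER BY on the SELECT ... INTO does not fix the
           order in which the temp table is read back. */
        SET @html =
            N'<body>Server: ' + @format+@ou+'<br />List of all sysadmin accounts granted for the last day: <br /><br /><table border="1">' +
            N'<tr><th>AlertLevel</th><th>Application Name</th><th>Host Name</th><th>Modified date</th><th>SPID</th><th>Server Name</th><th>Login Name</th><th>Object set as SYSADMIN</th></tr>' +
            CAST(( SELECT 'CRITICAL' AS 'td','',
                          ISNULL(CONVERT(nvarchar(max), AL.DA_App_Name), N'') AS 'td','',
                          ISNULL(CONVERT(nvarchar(max), AL.DA_Host_Name), N'') AS 'td','',
                          ISNULL(AL.PostTime, N'') AS 'td','',
                          ISNULL(AL.SPID, N'') AS 'td','',
                          ISNULL(AL.ServerName, N'') AS 'td','',
                          ISNULL(AL.LoginName, N'') AS 'td','',
                          ISNULL(AL.ObjectName, N'') AS 'td',''
                   FROM #DDLSysadminLog AL
                   ORDER BY AL.PostTime DESC
                   FOR XML PATH('tr'), ELEMENTS ) AS NVARCHAR(MAX)) +
            N'</table></body>' ;
        /* Get default mailbox profile name */
        DECLARE @defaultprofilname varchar(100)
        SELECT DISTINCT @defaultprofilname = p.name
        FROM msdb.dbo.sysmail_profile p
        JOIN msdb.dbo.sysmail_principalprofile pp
            ON pp.profile_id = p.profile_id AND pp.is_default = 1
        /* SEND MAIL */
        EXEC msdb.dbo.sp_send_dbmail
            @profile_name = @defaultprofilname,
            @recipients = @email,
            @body = @html,
            @importance = @mailImportance,
            @subject = @subject,
            @body_format = 'HTML';
    END
    /* Drop temp tables */
    DROP TABLE #DDLSysadminLog
END TRY
BEGIN CATCH
    SELECT @errno = 70003,
           @errmsg = 'error on sp_ddl_sysadmin! ' + error_message()
    goto error_99
END CATCH;
/*------------------ Return to the caller -----------------*/
RETURN(@@error);
/*---------------------- Error handling ----------------------*/
error_99:
/* The message is passed as an argument: used as the format string itself, any '%' in
   the text of error_message() would be parsed as a conversion specification. */
RAISERROR ('%s', 16, 1, @errmsg);
RETURN(@errno);
GO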