Audit Module for SQL Server¶

class kaititu.audit.mssql.MSSqlACR¶

Bases: kaititu.audit.AccessControlReport

MS SQL Server access control report. Tested on SQL Server version >= 2012

Note

The INSTANCE column is the database where the queries are executed.

__init__(conx: sqlalchemy.engine.base.Connection) → None¶

Initializer

Parameters:

conx (sqlalchemy.engine.Connection) – Connection instance with mssql dialect

Raises:

TypeError – when conx is not a class or subclass of sqlalchemy.engine.Connection
ValueError – when connection’s dialect is not mssql

all_profile_undue_table_privileges() → polars.dataframe.frame.DataFrame¶

Run the MSSqlACR.profile_undue_table_privileges() method for all non-system databases in the server.

Returns:: DataFrame – a DataFrame with the same format as the MSSqlACR.profile_undue_table_privileges() method.

all_profile_with_login() → polars.dataframe.frame.DataFrame¶

Run the MSSqlACR.profile_with_login() method for all non-system databases in the server.

Returns:: DataFrame – a DataFrame with the same format as the MSSqlACR.profile_with_login() method

all_role_without_members() → polars.dataframe.frame.DataFrame¶

Run the MSSqlACR.role_without_members() method for all non-system databases in the server.

Returns:: DataFrame – a DataFrame with the same format as the MSSqlACR.role_without_members() method.

profile_undue_table_privileges() → polars.dataframe.frame.DataFrame¶

Get undue privileges for tables per profile if any. Undue privilege for tables happens when a profile isn’t owner of a table and can do any DML or DDL operation on it, except select.

Returns:

DataFrame – 6-columns dataframe with undue privileges per role

PROFILE => Role name or User name

TABLE_SCHEMA => The schema’s name of tables

TABLE_NAME => The name of table

PRIVILEGE => All role’s privilege separated by ‘|’. eg. “INSERT | UPDATE | GRANT”

INSTANCE => Database name or Service name

SOCKET => Database Host and port as string

profile_with_login() → polars.dataframe.frame.DataFrame¶

Get users or roles that can connect (login)

Returns:

DataFrame – a 3-columns dataframe as below

PROFILE => Role name or User name

INSTANCE => Database name or Service name

SOCKET => Database Host and port as string

role_without_members() → polars.dataframe.frame.DataFrame¶

Get roles without members

Returns:

DataFrame – 3-columns dataframe with roles that don’t have members

ROLE => Role name

INSTANCE => Database name or Service name

SOCKET => Database Host and port as string