trustworthy setting for the database

ACDBA 416 Reputation points
2022-12-08T11:22:10.13+00:00

Hi All,

I have a lot of databases with trusthworthy settings turned on.
Is there a way we can monitor whether we are really using it so that we can disable it if not used.

Thanks,
ACDBA

Azure SQL Database
SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
12,713 questions
0 comments
Accepted answer
  1. Alberto Morillo 32,886 Reputation points MVP
    2022-12-08T11:45:00.547+00:00

    You can use SQL Server Auditing (DATABASE_PRINCIPAL_IMPERSONATION_GROUP, SERVER_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP) to monitor when is used. Read the documentation here.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Erland Sommarskog 101K Reputation points MVP
    2022-12-08T22:29:47.08+00:00

    In addition to Alberto's post, check if these database have any CLR assemblies. They may also require the TRUSTWORTHY setting. Or precisely, someone thought they need. There other ways to establish trust for CLR assemblies. And better.

    I would also run 

       SELECT COUNT(*) FROM sys.sql_modules WHERE execute_as_principal_id IS NOT NULL

    This will reveals modules with the EXECUTE AS clause. I am not sure that Auditing captures these. And it's a lot quicker than turning on auditing and see if something appears.

    1 person found this answer helpful.