This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I have a logging procedure that reads from the two tables on master:
I had to assign permissions to a group for correct execution:
but I didn't want to give them too much.
I also tried with a db role on master, but seems not enough, can you confirm that?
USE master;
GO
CREATE ROLE sp_log_usage;
GRANT SELECT ON sys.dm_exec_connections TO sp_log_usage;
GRANT SELECT ON sys.dm_exec_sessions TO sp_log_usage;
ALTER ROLE sp_log_usage ADD MEMBER [domain\mygroup];
On SQL Server and SQL Managed Instance, requires VIEW SERVER STATE permission
Thanks ALEN
Rather than granting the permission to the group, grant it to the procedure. Or more precisely, sign the procedure with a certificate, create a login from that certificate and grant that login the permission needed. Which on SQL 2022 and SQL MI is VIEW SERVER PERFORMANCE STATE.
I describe the technique with certificate signing in a lot more detail in an article on my web site: Packaging Permissions in Stored Procedures
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @Alen Cappelletti,
Thanks for your information.
I agree with Erland Sommarskog. Sign in with a certificate based on a login with the needed permissions is the most secure way to wrap the DMV query in a proc. I've checked out the article Erland provided; it is a good tool to have at hand, so, I think it's worth for us to spend time reading the article.
In addition, for the VIEW SERVER PERFORMANCE STATE on SQL Server 2022 and SQL MI, this article tells you the detailed information, hope this can help you well.
Best regards,
Lucy Chen
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
https://docs.microsoft.com/en-us/answers/support/email-notifications