This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 84%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi All,
I have a lot of databases with trusthworthy settings turned on.
Is there a way we can monitor whether we are really using it so that we can disable it if not used.
Thanks,
ACDBA
You can use SQL Server Auditing (DATABASE_PRINCIPAL_IMPERSONATION_GROUP, SERVER_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP) to monitor when is used. Read the documentation here.
In addition to Alberto's post, check if these database have any CLR assemblies. They may also require the TRUSTWORTHY setting. Or precisely, someone thought they need. There other ways to establish trust for CLR assemblies. And better.
I would also run
SELECT COUNT(*) FROM sys.sql_modules WHERE execute_as_principal_id IS NOT NULL
This will reveals modules with the EXECUTE AS clause. I am not sure that Auditing captures these. And it's a lot quicker than turning on auditing and see if something appears.
Thank you Erland for adding this information.