Update SSDB.non-service_accounts.sql #6

Open
wants to merge 1 commit into
base: master

nextaxtion
No description provided.

@Imran-imtiaz48 left a comment

This SQL script efficiently audits database ownership, user roles, agent jobs, and report subscriptions by leveraging conditional filters, joins, and aggregations. It ensures that only valid accounts are included by excluding service accounts and filtering based on a dynamic login name parameter, $(login_name).
Feedback:

1. Code Structure & Readability:
   - The structure is clean, and logical grouping of sections like "check databases users," "check agent jobs," and "check report subscriptions" makes it easy to follow.
   - Using meaningful aliases (e.g., db, sl, dp, dm) keeps the code compact, but a comment for each section would improve readability further, especially for junior DBAs.
2. Efficiency & Performance:
   - Great job using JOIN clauses to retrieve associated data across various system tables. These joins are essential for accurate reporting and improve performance compared to subqueries in most cases.
   - The use of GROUP BY and ORDER BY is efficient, helping to ensure organized output. Ensure #service_accounts has necessary indexes if it’s frequently used for exclusions to avoid scan operations.
3. Parameterization:
   - Leveraging $(login_name) as a filter parameter offers flexibility, making this script versatile for different scenarios.
   - Consider adding a DEFAULT value if this parameter isn’t defined to handle cases where no specific login is targeted.
4. Error Handling & Edge Cases:
   - The script’s handling of NULL values, especially in sections where dp.[sid] is checked, helps avoid errors related to missing or NULL principals.
   - Be cautious with LIKE ''##%''' in role checks. This is generally effective but could benefit from a comment or explanation, especially if it targets a specific naming convention.
5. Collation Sensitivity:
   - Good handling of collation differences with the COLLATE clause on ou.[UserName]. It ensures consistent results when comparing string data across different collation settings, an essential practice for multi-collation environments.
6. Suggestions:
   - Consider wrapping the script in a stored procedure or encapsulating each section as functions or views if this will be a reusable audit tool.
   - Adding comments for complex joins or conditional logic would aid future maintainers in understanding the intent of each section more quickly.

Overall:
This is a well-crafted and thorough script that captures essential audit data across multiple dimensions. With some additional commenting and minor adjustments, it could serve as a robust solution for ongoing database and user audits.

2 participants