Monitors the DB chaining setting for the database
This monitor checks the DB Chaining setting for this database.Since this monitor is a part of an overall standards requirement, an alert would be generated if the setting does not meet the specified standard.
The DB Chaining setting controls whether the database can be accessed by external resources, such as objects from another database.When the DB Chaining setting is ON, a database can be the source or target of a cross-database ownership chain.
To minimize the security surface area and to prevent certain spoofing scenarios, DB_CHAINING should be OFF.You should only have it ON if you are sure that your application requires it.
DB_CHAINING {ON | OFF}
A warning alert will be raised if the option does not match the required setting.Out of the box, the monitor is configured to alert when this setting is set to “ON”.
This issue may be resolved by:
Changing the configuration setting for this database to match the expected value.
Overriding the expected value for this unit monitor for this specific database or all databases.
Alternatively, if this monitor is not of concern for this database:
Disabling the monitor using overrides for this specific database or all databases.
Disabling the top-level aggregate configuration monitor using overrides for this specific database or all databases.
See more detailed information about this setting: ALTER DATABASE SET Options (Transact-SQL)
Target | Microsoft.SQLServer.2012.Database | ||
Parent Monitor | Microsoft.SQLServer.2012.Database.ExternalAccessConfiguration | ||
Category | ConfigurationHealth | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.SQLServer.2012.DBConfigurationStatus | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.SQLServer.2012.Database.Configuration.DBChaining" Accessibility="Public" Enabled="false" Target="SQL2012Core!Microsoft.SQLServer.2012.Database" ParentMonitorID="Microsoft.SQLServer.2012.Database.ExternalAccessConfiguration" Remotable="true" Priority="Normal" TypeID="Microsoft.SQLServer.2012.DBConfigurationStatus" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.SQLServer.2012.Database.Configuration.DBChaining.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="SQL!Microsoft.SQLServer.Database"]/DatabaseName$</AlertParameter1>
<AlertParameter2>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.ServerRole"]/InstanceName$</AlertParameter2>
<AlertParameter3>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConfigurationValueOK" MonitorTypeStateID="ConfigurationValueOK" HealthState="Success"/>
<OperationalState ID="ConfigurationValueNotOK" MonitorTypeStateID="ConfigurationValueNotOK" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<ConnectionString>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ConnectionString$</ConnectionString>
<DatabaseName>$Target/Property[Type="SQL!Microsoft.SQLServer.Database"]/DatabaseName$</DatabaseName>
<IntervalSeconds>43200</IntervalSeconds>
<SyncTime/>
<ConfigValue>DBChaining</ConfigValue>
<ExpectedValue>OFF</ExpectedValue>
<ExcludeOnExpress>false</ExcludeOnExpress>
<SQLSKU>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/Edition$</SQLSKU>
<TimeoutSeconds>300</TimeoutSeconds>
</Configuration>
</UnitMonitor>