Monitors the trustworthy setting for the database
This monitor checks the Trustworthy setting for this database.Since this monitor is a part of an overall standards requirement, an alert would be generated if the setting does not meet the specified standard.
The TRUSTWORTHY setting is used to indicate whether the instance of SQL Server trusts the database and the contents within it.When the Trustworthy setting is ON, database modules (for example, user-defined functions or stored procedures) that use an impersonation context can access resources outside the database.
To minimize security risks, TRUSTWORTHY should be OFF.When it is OFF, “EXECUTE AS USER” is scoped to the database itself and only those CLR assemblies marked as SAFE can be used.You should only have it ON if you are sure that your application requires it.
TRUSTWORTHY {ON | OFF}
A warning alert will be raised if the option does not match the required setting.Out of the box, the monitor is configured to alert when this setting is set to “ON”.
This issue may be resolved by:
Changing the configuration setting for this database to match the expected value.
Overriding the expected value for this unit monitor for this specific database or all databases.
Alternatively, if this monitor is not of concern for this database:
Disabling the monitor using overrides for this specific database or all databases.
Disabling the top-level aggregate configuration monitor using overrides for this specific database or all databases.
See more detailed information about this setting: ALTER DATABASE SET Options (Transact-SQL)
Target | Microsoft.SQLServer.2012.Database | ||
Parent Monitor | Microsoft.SQLServer.2012.Database.ExternalAccessConfiguration | ||
Category | ConfigurationHealth | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.SQLServer.2012.DBConfigurationStatus | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.SQLServer.2012.Database.Configuration.TrustWorthy" Accessibility="Public" Enabled="false" Target="SQL2012Core!Microsoft.SQLServer.2012.Database" ParentMonitorID="Microsoft.SQLServer.2012.Database.ExternalAccessConfiguration" Remotable="true" Priority="Normal" TypeID="Microsoft.SQLServer.2012.DBConfigurationStatus" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.SQLServer.2012.Database.Configuration.TrustWorthy.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="SQL!Microsoft.SQLServer.Database"]/DatabaseName$</AlertParameter1>
<AlertParameter2>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.ServerRole"]/InstanceName$</AlertParameter2>
<AlertParameter3>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConfigurationValueOK" MonitorTypeStateID="ConfigurationValueOK" HealthState="Success"/>
<OperationalState ID="ConfigurationValueNotOK" MonitorTypeStateID="ConfigurationValueNotOK" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<ConnectionString>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/ConnectionString$</ConnectionString>
<DatabaseName>$Target/Property[Type="SQL!Microsoft.SQLServer.Database"]/DatabaseName$</DatabaseName>
<IntervalSeconds>43200</IntervalSeconds>
<SyncTime/>
<ConfigValue>TrustWorthy</ConfigValue>
<ExpectedValue>OFF</ExpectedValue>
<ExcludeOnExpress>false</ExcludeOnExpress>
<SQLSKU>$Target/Host/Property[Type="SQL!Microsoft.SQLServer.DBEngine"]/Edition$</SQLSKU>
<TimeoutSeconds>300</TimeoutSeconds>
</Configuration>
</UnitMonitor>