Monitors the Cross-database Ownership Chaining Enabled setting for the database. Note: This monitor is disabled by default. Please use overrides to enable it when necessary.
This monitor checks the DB Chaining setting for this database. Since this monitor is a part of an overall standards requirement, an alert would be generated if the setting does not meet the specified standard.
The DB Chaining setting controls whether the database can be accessed by external resources, such as objects from another database. When the DB Chaining setting is ON, a database can be the source or target of a cross-database ownership chain.
To minimize the security surface area and to prevent certain spoofing scenarios, DB_CHAINING should be OFF. You should only have it ON if you are sure that your application requires it.
DB_CHAINING {ON | OFF}
A warning alert will be raised if the option does not match the required setting. Out of the box, the monitor is configured to alert when this setting is set to “ON”.
This issue may be resolved by:
Changing the configuration setting for this database to match the expected value.
Overriding the expected value for this unit monitor for this specific database or all databases.
Alternatively, if this monitor is not of concern for this database:
Disabling the monitor using overrides for this specific database or all databases.
Disabling the top-level aggregate configuration monitor using overrides for this specific database or all databases.
See more detailed information about this setting: ALTER DATABASE SET Options (Transact-SQL)
Name | Description | Default Value |
Enabled |
| No |
Disable Check for SQL Express | This may only be set to 'true' or 'false'. The workflow will not consider SQL Server Express edition if set to 'true'. | 0 |
Expected Value | Expected value of database configuration setting. To view the set of applicable values please refer to "Configuration" section of the knowledge base article of this monitor. | OFF |
Generates Alerts |
| Yes |
Interval (seconds) | The recurring interval of time in seconds in which to run the workflow. | 43200 |
Timeout (seconds) | Specifies the time the workflow is allowed to run before being closed and marked as failed. | 300 |
Target | Microsoft.SQLServer.2014.Database | ||
Parent Monitor | Microsoft.SQLServer.2014.Database.ExternalAccessConfiguration | ||
Category | ConfigurationHealth | ||
Enabled | False | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.SQLServer.2014.DBConfigurationStatus | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.SQLServer.2014.Database.Configuration.DBChaining" Accessibility="Public" Enabled="false" Target="SQL2014Core!Microsoft.SQLServer.2014.Database" ParentMonitorID="Microsoft.SQLServer.2014.Database.ExternalAccessConfiguration" Remotable="true" Priority="Normal" TypeID="Microsoft.SQLServer.2014.DBConfigurationStatus" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.SQLServer.2014.Database.Configuration.DBChaining.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.Database"]/DatabaseName$</AlertParameter1>
<AlertParameter2>$Target/Host/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.ServerRole"]/InstanceName$</AlertParameter2>
<AlertParameter3>$Target/Host/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConfigurationValueOK" MonitorTypeStateID="ConfigurationValueOK" HealthState="Success"/>
<OperationalState ID="ConfigurationValueNotOK" MonitorTypeStateID="ConfigurationValueNotOK" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<ConnectionString>$Target/Host/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.DBEngine"]/ConnectionString$</ConnectionString>
<DatabaseName>$Target/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.Database"]/DatabaseName$</DatabaseName>
<IntervalSeconds>43200</IntervalSeconds>
<SyncTime/>
<ConfigValue>DBChaining</ConfigValue>
<ExpectedValue>OFF</ExpectedValue>
<ExcludeOnExpress>false</ExcludeOnExpress>
<SQLSKU>$Target/Host/Property[Type="SQL2014Core!Microsoft.SQLServer.2014.DBEngine"]/Edition$</SQLSKU>
<TimeoutSeconds>300</TimeoutSeconds>
</Configuration>
</UnitMonitor>