Trustworthy Configuration

Microsoft.SQLServer.Linux.Monitor.Database.TrustWorthyConfiguration (UnitMonitor)

Monitors the Trustworthy setting for the database. Note that this monitor is disabled by default. Use overrides to enable it when necessary.

Knowledge Base article:

Summary

This monitor checks the Trustworthy database setting. Since this monitor is part of the overall standard requirements, an alert would be generated if the setting does not meet the specified standard.

Configuration

The TRUSTWORTHY setting is used to indicate whether the instance of SQL Server trusts the database and the contents within it. When the Trustworthy setting is ON, database modules (for example, user-defined functions or stored procedures) that use an impersonation context can access resources outside the database.

To minimize security risks, TRUSTWORTHY should be OFF. When it is OFF, “EXECUTE AS USER” is scoped to the database itself and only those CLR assemblies marked as SAFE can be used. You should only have it ON if you are sure that your application requires it.

TRUSTWORTHY {ON | OFF}

Causes

A warning alert will be raised if the option does not match the required setting. Out of the box, the monitor is configured to alert when this setting is set to “ON”.

Resolutions

This issue may be resolved by:

Alternatively, if this monitor is not of concern for this database:

External

See the detailed information about this setting: ALTER DATABASE SET Options (Transact-SQL)

Overridable Parameters

Name

Description

Default Value

Alert Priority

Defines Alert Priority.

Normal

Alert Severity

Defines Alert Severity.

Warning

Enabled

Enables or disables the workflow.

No

Expected Value

Expected value of database configuration setting. To view the set of applicable values please refer to "Configuration" section of the knowledge base article of this monitor.

OFF

Generates Alerts

Defines whether the workflow generates an Alert.

Yes

Interval (seconds)

The recurring interval of time in seconds in which to run the workflow.

43200

Synchronization Time

The synchronization time specified by using a 24-hour format. May be omitted.

 

Timeout (seconds)

Specifies the time the workflow is allowed to run before being closed and marked as failed.

300

Timeout for query execution (seconds)

The workflow will fail and register an event, if the query execution takes longer than the specified period.

60

Timeout for database connection (seconds)

The workflow will fail and register an event, if it cannot access the database during the specified period.

15

Element properties:

TargetMicrosoft.SQLServer.Linux.Database
Parent MonitorMicrosoft.SQLServer.Linux.Rollup.Database.ExternalAccessConfiguration
CategoryConfigurationHealth
EnabledFalse
Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.SQLServer.Linux.MonitorType.Database.DBConfigurationStatus
RemotableTrue
AccessibilityPublic
Alert Message
MSSQL on Linux: Trustworthy Configuration Error
The trustworthy setting for database "{2}" on SQL Server instance "{1}", computer "{0}" is not set according to the best practices.
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.SQLServer.Linux.Monitor.Database.TrustWorthyConfiguration" Accessibility="Public" Enabled="false" Target="SqlDiscL!Microsoft.SQLServer.Linux.Database" ParentMonitorID="Microsoft.SQLServer.Linux.Rollup.Database.ExternalAccessConfiguration" Remotable="true" Priority="Normal" TypeID="Microsoft.SQLServer.Linux.MonitorType.Database.DBConfigurationStatus" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.SQLServer.Linux.Monitor.Database.TrustWorthyConfiguration.AlertMessage">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/MachineName$</AlertParameter1>
<AlertParameter2>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/InstanceName$</AlertParameter2>
<AlertParameter3>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.Database"]/DatabaseName$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="ConfigurationValueOK" MonitorTypeStateID="ConfigurationValueOK" HealthState="Success"/>
<OperationalState ID="ConfigurationValueNotOK" MonitorTypeStateID="ConfigurationValueNotOK" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<MachineName>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/MachineName$</MachineName>
<NetbiosComputerName>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/NetbiosComputerName$</NetbiosComputerName>
<InstanceName>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/InstanceName$</InstanceName>
<DatabaseName>$Target/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.Database"]/DatabaseName$</DatabaseName>
<ConfigName>TrustWorthy</ConfigName>
<ExpectedValue>OFF</ExpectedValue>
<ConnectionString>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/ConnectionString$</ConnectionString>
<InstanceVersion>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/Version$</InstanceVersion>
<InstanceEdition>$Target/Host/Property[Type="SqlCoreLib!Microsoft.SQLServer.Core.DBEngine"]/Edition$</InstanceEdition>
<SqlExecTimeoutSeconds>60</SqlExecTimeoutSeconds>
<SqlTimeoutSeconds>15</SqlTimeoutSeconds>
<TimeoutSeconds>300</TimeoutSeconds>
<IntervalSeconds>43200</IntervalSeconds>
<SyncTime/>
</Configuration>
</UnitMonitor>