Share all details related to your problem, including any error messages you may have received.
I am trying to fetch the details of link accounts which are present in MSSQL type application by writing a query. Below is the query
SELECT sp.name AS login,
sp.type_desc AS login_type,
sl.password_hash,
sp.create_date,
sp.modify_date,
CASE WHEN sp.is_disabled = 1 THEN ‘Disabled’
ELSE ‘Enabled’ END AS status,
STRING_AGG(r.name, ‘,’) AS Roles,
m.name AS Principal
FROM sys.server_principals sp
LEFT JOIN sys.sql_logins sl
ON sp.principal_id = sl.principal_id
LEFT JOIN master.sys.server_role_members rm
ON sp.principal_id = rm.member_principal_id
LEFT JOIN master.sys.server_principals r
ON r.principal_id = rm.role_principal_id AND r.type = ‘R’
LEFT JOIN master.sys.server_principals m
ON m.principal_id = rm.member_principal_id
WHERE sp.type NOT IN (‘G’, ‘R’)
GROUP BY sp.name, sp.type_desc, sl.password_hash, sp.create_date, sp.modify_date, sp.is_disabled, m.name;
By using this query I am able to get the roles for some of the users , but not for all the users. Attaching screenshot
If we see it is not fecthing details for " ##MS_PolicySigningCertificate##" this account has role i.e.“PolicyAdministratorRole@msdb”
How to fecth all the roles for the particular to the account ?
Hi @SDM007,
Just trying to understand your query here
Have you onboarded MSSQL application as a target and you have accounts here
You want to get the roles present in each of the account ?
Please recheck your query, you might be putting some filters in the query which is filtering out the result.
Also, when you are running this query on MSSQL client, Are you getting the desired result? If not, get in touch with the MSSQL application team to share the appropriate query with you, as this is the responsibility of Application Team to supply all the necessary data. We are mainly looking into the configuration and customization associated with Sailpoint IIQ.
Thank you!