執行 SQL Server Profiler 所需的權限Permissions Required to Run SQL Server Profiler

本主題的適用對象: 是SQL Server沒有Azure SQL Database沒有Azure SQL 資料倉儲沒有Parallel Data WarehouseTHIS TOPIC APPLIES TO: yesSQL ServernoAzure SQL DatabasenoAzure SQL Data Warehouse noParallel Data Warehouse

根據預設,執行 SQL Server ProfilerSQL Server Profiler 時,所需的使用者權限與用來建立追蹤的 Transact-SQL 預存程序相同。By default, running SQL Server ProfilerSQL Server Profiler requires the same user permissions as the Transact-SQL stored procedures that are used to create traces. 若要執行 SQL Server ProfilerSQL Server Profiler,使用者必須被授與 ALTER TRACE 權限。To run SQL Server ProfilerSQL Server Profiler, users must be granted the ALTER TRACE permission. 如需詳細資訊,請參閱 GRANT 伺服器權限 (Transact-SQL)For more information, see GRANT Server Permissions (Transact-SQL).

重要

具有 SHOWPLAN、ALTER TRACE 或 VIEW SERVER STATE 權限的使用者可以檢視執行程序表輸出中所擷取的查詢。Users who have the SHOWPLAN, the ALTER TRACE, or the VIEW SERVER STATE permission can view queries that are captured in Showplan output. 這些查詢可能會包含類似密碼的敏感資訊。These queries may contain sensitive information such as passwords. 因此,我們建議您只能將這些權限授與給有權檢視敏感資訊的使用者,例如 db_owner 固定資料庫角色的成員或是 sysadmin 固定伺服器角色的成員。Therefore, we recommend that you only grant these permissions to users who are authorized to view sensitive information, such as members of the db_owner fixed database role, or members of the sysadmin fixed server role. 此外,我們也建議您只將執行程序表檔案或是包含與執行程序表相關之事件的追蹤檔案儲存到使用 NTFS 檔案系統的位置,並建議您將存取權限制為有權檢視敏感資訊的使用者。Additionally, we recommend that you only save Showplan files or trace files that contain Showplan-related events to a location that uses the NTFS file system, and that you restrict access to users who are authorized to view sensitive information.

用來重新執行追蹤的權限Permissions Used to Replay Traces

重新執行追蹤時,執行的使用者也必須要有 ALTER TRACE 權限。Replaying traces also requires that the user who is replaying the trace have the ALTER TRACE permission.

然而,在重新執行期間,如果所重新執行的追蹤發生「稽核登入」事件,則 SQL Server ProfilerSQL Server Profiler 會使用 EXECUTE AS 命令。However, during replay, SQL Server ProfilerSQL Server Profiler uses the EXECUTE AS command if an Audit Login event is encountered in the trace that is being replayed. SQL Server ProfilerSQL Server Profiler 會使用 EXECUTE AS 命令來模擬與該登入事件有關的使用者。 uses the EXECUTE AS command to impersonate the user who is associated with the login event.

如果 SQL Server ProfilerSQL Server Profiler 在重新執行的追蹤中發生登入事件,就會執行下列權限檢查:If SQL Server ProfilerSQL Server Profiler encounters a login event in a trace that is being replayed, the following permission checks are performed:

  1. User1 (具有 ALTER TRACE 權限) 開始重新執行追蹤。User1, who has the ALTER TRACE permission, starts replaying a trace.

  2. 在重新執行的追蹤中,User2 發生登入事件。A login event for User2 is encountered in the replayed trace.

  3. SQL Server ProfilerSQL Server Profiler 使用 EXECUTE AS 命令來模擬 User2。 uses the EXECUTE AS command to impersonate User2.

  4. SQL ServerSQL Server 嘗試驗證 User2,根據驗證結果,會發生下列其中一種情形: attempts to authenticate User2, and depending on the results, one of the following occurs:

    1. 如果無法驗證 User2, SQL Server ProfilerSQL Server Profiler 會傳回錯誤,並以 User1 的身分繼續重新執行追蹤。If User2 cannot be authenticated, SQL Server ProfilerSQL Server Profiler returns an error, and continues replaying the trace as User1.

    2. 若成功驗證 User2,就會以 User2 的身分繼續重新執行追蹤。If User2 is successfully authenticated, replaying the trace as User2 continues.

  5. 在目標資料庫上檢查 User2 的權限,根據檢查結果,會發生下列其中一種情形:Permissions for User2 are checked on the target database, and depending on the results, one of the following occurs:

    1. 如果 User2 擁有目標資料庫的權限,則已模擬成功,而且是以 User2 的身分來重新執行追蹤。If User2 has permissions on the target database, impersonation has succeeded, and the trace is replayed as User2.

    2. 如果 User2 沒有目標資料庫的權限,伺服器會檢查該資料庫上是否有 Guest 使用者。If User2 does not have permissions on the target database, the server checks for a Guest user on that database.

  6. 在目標資料庫上檢查是否有 Guest 使用者,根據檢查結果,會發生下列其中一種情形:Existence of a Guest user is checked on the target database, and depending on the results, one of the following occurs:

    1. 若有 Guest 帳戶存在,就會以 Guest 帳戶來重新執行追蹤。If a Guest account exists, the trace is replayed as the Guest account.

    2. 如果目標資料庫沒有 Guest 帳戶,就會傳回錯誤,並以 User1 的身分來重新執行追蹤。If no Guest account exists on the target database, an error is returned and the trace is replayed as User1.

    下圖顯示重新執行追蹤時,檢查權限的程序:The following diagram shows this process of checking permission when replaying traces:

    SQL Server Profiler 重新執行追蹤權限SQL Server Profiler replay trace permissions

另請參閱See Also

SQL Server Profiler 預存程序 (Transact-SQL) SQL Server Profiler Stored Procedures (Transact-SQL)
重新執行追蹤 Replay Traces
建立追蹤 (SQL Server Profiler) Create a Trace (SQL Server Profiler)
重新執行追蹤資料表 (SQL Server Profiler) Replay a Trace Table (SQL Server Profiler)
重新執行追蹤檔案 (SQL Server Profiler)Replay a Trace File (SQL Server Profiler)