Tracking SQL Server Database Permission Changes
'Coming back after a long weekend – on a Monday morning, we found one of our services to be down in our Test environment.
Looking at the server event logs, we found the error message in the stack trace – ‘System.Data.SqlClient.SqlException: Login failed for user‘.
We tracked the issue back to a service account which got removed from the database. Once we added the account, the service was up and running.
Now the next obvious question was who/when/why made the change to the service account? Did someone manually make the change or was it caused by a deployment? Was the change intentional or just a mistake?
While troubleshooting issues, viewing the SQL Server logs is beneficial since it contains information about user-defined events and also few system events.
You will be able to find information like – when the SQL Server instance has stopped and restarted, Memory issues, Login Failures or any other potential issues. However I did not find any information relating to adding/deleting user accounts or user permission changes on a SQL Instance.
'...
https://samirbehara.com/2017/12/07/tracking-sql-server-database-permission-changes/