With the Audit Data Changes (Database Content Audit in Netwrix Auditor 8.5 and below) option enabled in Netwrix Auditor for SQL Server, when you try to perform UPDATE/INSERT/DELETE operations in the audited database, an error is returned stating that the statements cannot be executed because the database owner SID cannot be resolved or SIDs do not match.
Example 1: Cannot execute as the database principal because the principal “dbo” does not exist, this type of principal cannot be impersonated, or you do not have permission.
Example 2: The database owner SID recorded in the master database differs from the database owner SID recorded in database <database_name>.
This can happen as a result of one of the following:
- An invalid account was assigned the database owner role for the database in question. For more details, refer to the following Microsoft KB article: http://support.microsoft.com/kb/913423/en-us
- The database in question has been restored from backup. The problem occurs if the database owner at the time of the backup operation does not match the user under whom the restore operation was performed.
To prevent the issue, it is recommended to:
- Check database properties. If the “owner” property is empty, it means the account assigned the database owner role is invalid
- Make sure database owners specified in the master database and in the database in question match each time you have restored an audited database from backup.
To resolve the issue, in SQL Server Management Studio, execute the following command:
ALTER AUTHORIZATION ON DATABASE::db_name TO sa
where “db_name” is a name of the corrupted database.
In the example above, the database system administrator (sa) account is used, but you can also use another account that has the required rights and permissions.
For a detailed explanation of the “alter authorization” command, refer to the following Microsoft article: Alter Authorization (Transact-SQL)