Open nullbind opened 6 years ago
You are correct, nested impersonation is possible in SQL Server. Both at the SQL Server login and database user levels. We have done it manually a few times, but haven't taken the time to automate it yet. I'll put it in our follow-up list, and see if we can get it addressed before EOY. I think we'd like to add the feature as a "-Recursive" or "-Nested" flag in the existing "Invoke-SQLAuditPrivImpersonateLogin" and "Invoke-SQLAuditPrivImpersonateLogin" functions.
Thanks for adding the feature request for me. I'll keep working on it and submit a pull request once I get a functioning version.
No worries, thanks for reaching out. It should be a fun feature. I’m curious to see what trends it may uncover once we find an opportunity to run it at scale. Cool stuff!
Would it be possible to implement nested impersonation capabilities in the scenario in which you cannot go straight to sysadmin? If not, am I missing an understanding as to why it is not possible?
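
For reviewing where such chains exist on a server you administer, the following read-only T-SQL audit query walks server-level IMPERSONATE grants across multiple hops and flags the chains that end at a sysadmin member. It is an added example, not PowerUpSQL code or code posted in this thread; it covers login-level grants only, assumes grants made directly to logins, and the CTE names and column aliases are illustrative.

```sql
-- Audit: multi-hop IMPERSONATE chains between server logins.
-- Read-only; uses catalog views only. Not covered (assumption of this example):
-- grants held through server role membership and database-user-level grants.
WITH grants AS (
    -- One row per "grantee may impersonate target" grant at the server level.
    SELECT pe.grantee_principal_id AS grantee_id,
           pe.major_id             AS target_id
    FROM sys.server_permissions AS pe
    WHERE pe.permission_name = 'IMPERSONATE'
      AND pe.class_desc = 'SERVER_PRINCIPAL'
      AND pe.state IN ('G', 'W')   -- GRANT or GRANT WITH GRANT OPTION
),
chain AS (
    -- Anchor member: direct grants (one hop).
    SELECT g.grantee_id AS start_id,
           g.target_id  AS end_id,
           1            AS hops,
           CAST(CONCAT('/', g.grantee_id, '/', g.target_id, '/')
                AS varchar(4000)) AS id_path
    FROM grants AS g
    UNION ALL
    -- Recursive member: extend the chain with a grant held by its current end.
    SELECT c.start_id,
           g.target_id,
           c.hops + 1,
           CAST(CONCAT(c.id_path, g.target_id, '/') AS varchar(4000))
    FROM chain AS c
    JOIN grants AS g
      ON g.grantee_id = c.end_id
    -- Skip principals already on the path so cyclic grants terminate.
    WHERE c.id_path NOT LIKE CONCAT('%/', g.target_id, '/%')
)
SELECT s.name AS starting_login,
       e.name AS reachable_login,
       c.hops,
       c.id_path,                                  -- principal_id of each hop
       IS_SRVROLEMEMBER('sysadmin', e.name) AS reaches_sysadmin
FROM chain AS c
JOIN sys.server_principals AS s ON s.principal_id = c.start_id
JOIN sys.server_principals AS e ON e.principal_id = c.end_id
ORDER BY reaches_sysadmin DESC, c.hops, s.name;
```

Run it as a sysadmin so that metadata visibility does not hide grants from the result. Rows with `hops` greater than 1 and `reaches_sysadmin = 1` are the indirect paths that a single-hop review misses and are the first candidates for `REVOKE IMPERSONATE`.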