Issue #3334: sp_Blitz Fails because of permissions

Montro1981 · Montro1981 · commit a015e051f161 · 2023-09-14T10:51:13.000+02:00
diff --git a/sp_Blitz.sql b/sp_Blitz.sql
@@ -198,7 +198,8 @@ AS
 			,@SkipMSDB bit = 0
 			,@SkipModel bit = 0
 			,@SkipTempDB bit = 0
-			,@SkipValidateLogins bit = 0;
+			,@SkipValidateLogins bit = 0
+            ,@SkipModelCheck BIT = 0;
 
 			DECLARE
 			    @db_perms table
@@ -219,7 +220,7 @@ AS
                 fmp.permission_name
             FROM sys.databases AS d
             CROSS APPLY fn_my_permissions(d.name, 'DATABASE') AS fmp
-            WHERE fmp.permission_name = N'SELECT' /*Databases where we don't have read permissions*/
+            WHERE fmp.permission_name = N'SELECT'; /*Databases where we don't have read permissions*/
             
             /* End of declarations for First Responder Kit consistency check:*/
         ;
@@ -307,6 +308,31 @@ AS
                 SET @SkipValidateLogins = 1;
             END; /*Need execute on sp_validatelogins*/
 
+			IF EXISTS
+            (
+                SELECT 1/0
+                FROM @db_perms
+                WHERE database_name = N'model'
+            )
+            BEGIN
+                BEGIN TRY
+                    IF EXISTS
+                    (
+                        SELECT 1/0
+                        FROM model.sys.objects
+                    )
+                    BEGIN
+                        SET @SkipModelCheck = 0; /*We have read permissions in the model database, and can view the objects*/
+                    END;
+                END TRY
+                BEGIN CATCH
+                    SET @SkipModelCheck = 1; /*We have read permissions in the model database ... oh wait we got tricked, we can't view the objects*/
+                END CATCH;
+            END;
+            ELSE
+            BEGIN
+                SET @SkipModelCheck = 1; /*We don't have read permissions in the model database*/
+            END;
 		END;
 
 		SET @crlf = NCHAR(13) + NCHAR(10);
@@ -467,11 +493,11 @@ AS
 		);
 
 		/*Skip individial checks where we don't have permissions*/
-		INSERT #SkipChecks (DatabaseName, CheckID, ServerName)
-		SELECT
-		    v.*
-		FROM (VALUES(NULL, 29, NULL)) AS v (DatabaseName, CheckID, ServerName) /*Looks for user tables in model*/
-		WHERE NOT EXISTS (SELECT 1/0 FROM @db_perms AS dp WHERE dp.database_name = 'model');
+        INSERT #SkipChecks (DatabaseName, CheckID, ServerName)
+        SELECT
+            v.*
+        FROM (VALUES(NULL, 29, NULL)) AS v (DatabaseName, CheckID, ServerName) /*Looks for user tables in model*/
+        WHERE @SkipModelCheck = 1;
 
 		INSERT #SkipChecks (DatabaseName, CheckID, ServerName)
 		SELECT
