FIX: SQL Server Profiler fails to obfuscate sp_setapprole when it's executed from a remote procedure call in SQL Server

Applies to: SQL Server 2012 EnterpriseSQL Server 2012 DeveloperSQL Server 2012 Enterprise Core

Symptoms


Assume that you use SQL Server Profiler to capture the SP:Starting and SP:Completed events in SQL Server.

When the sp_setapprole stored procedure is executed from a remote procedure call, the query statement is logged in the trace log in clear text. However, you expect it to be replaced with an obfuscated value that resembles the following:

-- 'sp_setapprole' was found in the text of this event.

-- The text has been replaced with this comment for security reasons.

Resolution


This issue is fixed in the following cumulative updates and service pack for SQL Server:

Cumulative Update 6 for SQL Server 2016 RTM

Cumulative Update 3 for SQL Server 2016 SP1

Cumulative Update 5 for SQL Server 2014 SP2

Cumulative Update 12 for SQL Server 2014 SP1

Cumulative Update 8 for SQL Server 2012 Service Pack 3

Service pack information for SQL Server 2016

This issue is fixed in the following service pack for SQL Server:

       Service Pack 2 for SQL Server 2016

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology that Microsoft uses to describe software updates.