Given two separate SQL Server (both have version Microsoft SQL Server 2016 (SP2-CU5) (KB4475776) - 13.0.5264.1 (X64) )
with having some AlwaysOn High Availability groups.
We created a SQL Login on both server with only public rights with the script show below.
The problem is that on ServerA the user can see the content of sys.availability_groups while on ServerB it cannot see anything.
By default the user shouldn't see any content of the system view.
USE [master] GO CREATE LOGIN [test_user] WITH PASSWORD=N'passw0rd', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF GO CREATE USER [test_user] FOR LOGIN [test_user] GO execute as login = 'test_user' go select suser_name() GO SELECT * FROM [master].[sys].[availability_groups];
The following script is used to check the existing rights:
select * from sys.server_permissions per
join sys.server_principals pri on per.grantee_principal_id = pri.principal_id
where per.permission_name in ('VIEW DEFINITION', 'VIEW ANY DEFINITION')
and pri.name = 'test_user'