Configure an MS SQL Database check

Configure an MS SQL Database control to execute custom SQL statements on MS SQL databases and create corresponding policy reports.

Identify this control

The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category and sub-category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.

Control Technologies

Your control may apply to many technologies. In case the values for each technology is different then select each technology you're interested in individually and provide a rationale, statement and description for this control.

If you plan to use the same values for many technologies you need to specify them only once. Define your values in the "Default Values for Control Technologies" section first and then select the check box for each technology you want or click Apply to All Technologies. The values get copied automatically to each technology that you select.


Enter a rationale statement describing how the control should be implemented for each technology.

SQL Statement

Enter your SQL statement here. This value can have a maximum of 32000 characters. Only SELECT Statements are supported for this check.

Make sure you only use supported output data types when forming SQL statements. If you use an unsupported data type in the SQL statement, the control posture results in Error. To avoid this, use only supported data types.

Supported data types:
bit, decimal, numeric, char, varchar, nchar, nvarchar, smalldatetime, datetime, datetime2, date, time , datetimeoffset, int, tinyint, smallint, bigint, smallmoney, money, float, real


Describe your SQL statement here and it will appear in compliance policies and reports. You can also add your SQL statement to the description if you wish to view it in policies and reports.


Add remediation steps for this check.

Reporting Options

We'll report the compliance status (Passed, Failed or Error) for each control instance in your compliance reports and on your PC dashboard. The status Error is returned in cases where errors occurred during control evaluation. This means the control was not tested for compliance.

If you do not want to see the Error status then you can ignore these errors and set their status to Pass or Fail. This will reflect in your reports accordingly.


Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://.  For example, enter to link to the Qualys web site. Once added users have the option to include references in policy reports.


Quick Links

User-Defined Controls

Database User-Defined Controls

User-Defined Controls FAQs

Good to Know

We'll return a maximum of 256 rows. You can lower this limit in the compliance option profile.