For this I had to combine 3 blog articles:
Step 1: Configure Database Mail
Follow the instructions here: http://www.mssqltips.com/sqlservertip/1100/setting-up-database-mail-for-sql-2005/
Summary of steps (with minor variations):
- Select "Configure Database Mail" by left clicking on "Database Mail"
- "Manage Database Mail accounts and profiles"... Next
- Create a new profile... Next
- Configure Profile:
- Profile name: "SQLAlerts"
- New Account
- Account name: "SQLAlerts"
- E-mail address: firstname.lastname@example.org (this will be shown in "sender" e-mail field)
- Display Name: My SQL Server (this will be shown as display name in "sender" e-mail field)
- Server Name: smtp.example.com (outgoing SMTP server)
- ... configure authentication
Step 2: Create new Operator and Alert
Summary of steps:
- Under "SQL Server Agent" right click on Operators and select "New Operator..."
- Name: "DBA"
- E-mail name: email@example.com
- Right click on "SQL Server Agent" and choose "Properties"
- Choose "Alert System" on the left hand side
- Check "Enable mail profile"
- If you have more than one mail profile configured, then choose the desired one
- Right click on "SQL Server Agent" and choose "Restart"
- Under "SQL Server Agent" right click on "Alerts" and select "New Alert..."
- Under "General" tab:
- Name: "14 - Insufficient Permission"
- Severity: "14 - Insufficient Permission"
- Under "Response" tab:
- Check "Notify operators"
- Check E-mail options of those operators that should be notified about an error
- Under "Options" tab
- Check "E-mail" checkbox in order to include error description in the mail text
This is the point where your alert sending has been configured, and you're wondering "Why I'm not getting error reports about insufficient permissions?!" Here comes the third step:
Step 3: Alter messages
Corresponding blog article: http://www.simple-talk.com/sql/database-administration/sql-server-alerts-soup-to-nuts/
In order to SQL Server Agent detect errors, they must be written to Application Event Log, but most of them are not. That can be changed using "sp_altermessage" database engine stored procedure. For errors that you would like to receive, execute this query:
sp_altermessage 229, 'WITH_LOG', 'true';
This particular query will enable reporting messages like "The SELECT permission was denied on the object 'mytable', database 'bydb', schema 'dbo'" to application log (and with that - e-mail).
You can explore messages that you could be interested in with this query:
The SELECT permission was denied on the object 'prkad', database 'person', schema 'dbo'