The best place to get it is from sys.conversation_endpoints
.
Whenever you are faced with the issue that your application requires privileges not held by the current user the best option is to leverage code signing. SQL Server allows an administrator to inspect and sign stored procedures, using certificates, and grant permissions to the signature. This allows an user to invoke the procedure and the procedure can access information not directly accessible to the user.
See signing Activated Procedures for an example.
As to why you can't see your own conversations: imho it's a bug. Running sp_helptext 'sys.conversation_endpoints'
shows the permissions filter applied:
CREATE VIEW sys.conversation_endpoints AS
SELECT ce.conversation_handle,
...
FROM sys.conversation_endpoints$ ce
LEFT JOIN sys.syssingleobjrefs f
ON f.depid = ce.service_id
AND f.class = 21
AND f.depsubid = 0 -- SRC_SVCTOQUEUE
WHERE has_access('CO', f.indepid) = 1
The view shows conversations for which the user has CONTROL access over the queue of the service to which the dialog belongs (it takes some know-how about syssingleobjrefs
to understand what the view condition is, but that what it translates to). The permission check should be for RECEIVE
permission, because that is the permission required to BEGIN DIALOG
/SEND
/END
messages on this service:
To begin a dialog, the current user must have RECEIVE permission on the queue for the service specified in the FROM clause of the command and REFERENCES permission for the contract specified
To send a message, the current user must have RECEIVE permission on the queue of every service that sends the message.
The MSND is actually wrong on the topic of END CONVERSATION
permissions when it says 'To end an active conversation, the current user must be the owner of the conversation, a member of the sysadmin fixed server role or a member of the db_owner fixed database role'. The required permission is the same as one for SEND
(this can be easily tested).
It can be easily argued that if you can manipulate a securable (and SEND, END are clearly manipulating conversations) then one should be able to see the metadata of the securable being manipulated.