Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase «««123

What, When and who? Auditing 101 Expand / Collapse
Author
Message
Posted Monday, December 5, 2011 5:23 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 5:36 AM
Points: 2,372, Visits: 6,768
That is true. From what I have seen, we have to use at least two of the new Auditing technology together to get the "Audit" to work.
SQL Audit actually does audit Who and when but not what.



-Roy
Post #1216218
Posted Monday, December 5, 2011 7:54 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Monday, December 15, 2014 3:02 AM
Points: 912, Visits: 1,500
You can have WHO and WHEN available to you using CT with the CHANGE_TRACKING_CONTEXT method posted in one of my last posts. Storing WHAT changed would be limited by the size of the VARBINARY(128) column so it wouldn't be a good solution.

CT is a lightweight solution available to all editions and it can be quite useful in situations where too much detail isn't needed.

Best regards,


Best regards,

Andre Guerreiro Neto

Database Analyst
http://www.softplan.com.br
MCITPx1/MCTSx2/MCSE/MCSA
Post #1216320
Posted Monday, December 5, 2011 7:56 PM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: General Forum Members
Last Login: Today @ 2:11 PM
Points: 35,772, Visits: 32,441
I'll definitely wait for the other articles from Roy but, right now, I'm thinking I'll still with some good ol' fashioned, high performance audit triggers.

--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Helpful Links:
How to post code problems
How to post performance problems
Post #1216758
Posted Friday, December 12, 2014 5:34 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Wednesday, December 17, 2014 8:55 AM
Points: 48, Visits: 65
This article and the subsequent one are very well done from a technical perspective. I think more emphasis needs to be added as to why auditing needs to be done. Many of the data problems we have are a result of internal people accessing or modifying data for their own benefit. I spent a good many years in the late '80s and early '90s as an internal auditor for Martin Marietta Astronautics Group. You would be amazed at how many people tried to modify database entries when it would affect their bonuses. In the middle 90's working as an internal employee for a consulting company we had a recruiter in one case and a sales rep in another attempt to export all the recruiting contacts and sales contacts. In the mid 2000's I worked as a application and database developer for a small international company. With about 36 people total in the company we had two who individuals who maliciously attempted to modify data. One of the two attempted to export all the company contacts for his own future benefit.

What is so amazing is that these kinds of issues are common across the scope of the business and government world. These actions provide me with a high level of distrust of individuals when it comes to protecting the data in the company I work for. The data in our databases is a vary valuable commodity for our organizations. We, in the IT end of the business, have a fiduciary responsibility to protect it from technical flaws and human flaws. Building in security, and auditing is a part of security, is paramount to our fulfilling our duty to our employers.

Post #1643687
Posted Friday, December 12, 2014 6:20 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 5:36 AM
Points: 2,372, Visits: 6,768
You have a great point Eric. I should have given a bit more importance on why we need to do Auditing. And you have pointed out one of my weakness in all my articles. I usually dont give much importance on what are the uses of a particular functionality. I will keep that in mind next time I write one.

-Roy
Post #1643707
« Prev Topic | Next Topic »

Add to briefcase «««123

Permissions Expand / Collapse