Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Audit SQL account usage Expand / Collapse
Author
Message
Posted Friday, December 10, 2004 2:56 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, March 24, 2010 1:57 PM
Points: 140, Visits: 57

To comply with SOX requirements we have established Maintenance accounts that are checked out (given a key/password).  The account is good for a peroid of time before the password gets changed.  I have the requirement to audit the activities of the accounts.  What is the easiest way to do this?  Profiler does'nt seem like an option because of the ongoing nature and amount of accounts to monitor.  Do I need a log reader software and if so which one can track changes by account name?

Post #150508
Posted Friday, December 10, 2004 4:48 PM
SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: Moderators
Last Login: Today @ 7:25 AM
Points: 8,369, Visits: 740
Sorry setting up a permanent trace on the server that outputs to file, Profiler or a tool like profiler will be required to capture all of those details as SELECTs are not logged nor are they otherwise auditable. I have seen serveral SOX requirements and am curious what your system is for that requires such a strenuoues auditing of action. As well you can audit all you like but it can only tell what they looked at, not neccessarily what they did with it. If your server's data is under SOX scrutiny then you need to make sure that application side is logging what is going on as well since you cannot actually see that.


Post #150525
Posted Tuesday, December 14, 2004 7:33 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, March 24, 2010 1:57 PM
Points: 140, Visits: 57
Since my post I have checked out Lumigent's ENTEGRA product it seems to be geared toward exactly these type of situations.  I will be evaluating this product in the next week and should have more feedback.  Our SOX auditors have told us to be in compliance we need the ability to track any changes made outside the normal interface of a product.  There is nothing in SOX that I know of that requires the ability to track changes from within the application.  I know what your thinking and yes is doesn't make sense but thats the world we live in after Enron!  The application is a customer service record applications that tracks service and billable hours to customers.  because of the financial data it tracks it falls under our SOX requirements.  Our company feels we should be using the same change management processes for all databases so I have to implement these rules on everything I now administer.  yes Ouch!  
Post #151080
Posted Wednesday, December 15, 2004 6:44 AM
SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: Moderators
Last Login: Today @ 7:25 AM
Points: 8,369, Visits: 740
Remember to ask for a payraise and and nice corner window office.


Post #151140
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse