September 25, 2015 at 9:35 am
I created a trigger (ON ALL Server) to capture the DDL commands and write to a table, conceded grant to insert the logins that have in the instance.
However I have an application that login of the database by Active Directory, these User has no privilege to insert record in the table, and the trigger fails.
Does anyone have any idea how to solve?
September 25, 2015 at 10:04 am
if your DDL trigger is writing to a table, you want to either have the trigger EXECUTE AS OWNER, or maybe GRANT INSERT ON MyAuditTable TO PUBLIC, so that no matter who does something, it can save the data you want to capture.
Lowell
September 25, 2015 at 10:09 am
I did "GRANT INSERT on MyauditTable to PUBLIC", but did not work.
September 25, 2015 at 10:10 am
IF EXECUTE AS OWNER, I don`t get SYSTEM_USER.
September 25, 2015 at 11:49 am
i believe the function ORIGINAL_LOGIN() will return the caller, regardless of execute as.
Lowell
September 25, 2015 at 11:50 am
fabio.lopes (9/25/2015)
I did "GRANT INSERT on MyauditTable to PUBLIC", but did not work.
"did not work" doesn't provide enough info.
it depends on what your trigger is doing. if it is doing any objectother than INSERT into MyauditTable (meaning select or join will fail with that explcit permission too), that would stop the trigger as well.
what is the specific error you get?
Lowell
September 25, 2015 at 11:55 am
worked with ORIGINAL_LOGIN().
Thanks friend.
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply