My SOX requirements are that I need to monitor when any changes are made to user privileges - if someone is granted new access, etc. Ideally also when a new user is created.
I have a trace running from SQL Profiler now but that is a pain because everytime the server is rebooted I have to stop the trace, save thefile and start a new trace.
I have to monitor this on 6 different servers.
Does anyone know of a better way to monitor this? Procedures or third part software?
While I've never done this personally, it still may be a valid solution for you. Have you considered using server-side tracing, such as with sp_trace_create? Once that is created you could create a job that starts when SQL Agent starts (presumably on startup) that would run "sp_trace_status @traceid, 1" to start the trace. Hope that helps.
We looked at doing a server side trace which worked. We decided for time and effort that it was better to purchased DB Audit. It does a server side trace but has a simple gui interface to view reports. Very easy to use
I have a similar situation.
I plan to look into the "SQL Compliance Manager" product by Idera. I haven't evaluated it yet, other than reading their datasheet, so I can't offer an opinion about it one way or another.
I currently use their SQLdm SQL Diagnostic software and have been pleased with it. Like many of these types of products, they don't really tell you things you can't obtain otherwise, but they wrap them up into a convenient package that is easy to use. So if you're not into "rolling your own" DB utilities and can spend some money it may be a reasonable solution.