SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Architecture for Auditing

By Steve Jones,

In the analog world, when we need to provide an auditing system for checking on physical activity, we usually separate out the roles of people that might record or track activity from those that perform activities. The better separation we have between individuals, the better we can usually ensure our auditing records are intact, complete, and trustworthy. We certainly have issues in the real world achieving these goals, but overall things work well.

In our digital systems, however, auditing seems to be bolted on to the systems and not designed with the need to separate duties and protect our auditing records from tampering. I would have hoped that many of the software platforms (Oses, RDBMSs, etc) over the years would have recognized this (along with security) and enabled auditing as a function separate from Administrator/root/sa/etc, but it hasn't happened. Far too often, we've operated under the assumption that administrators can, and should, be trusted.

In SQL Server, most all of the auditing mechanisms are enabled, managed, and reviewed by administrators. While viewing is certainly helpful, and perhaps necessary, for good administration, there ought to be a way to enable auditing that doesn't require DBAs to manage it. There ought to be some role for auditors, one that allows an independent individual (or group), to access the record of actions taken on the instance.

Perhaps it's not as big a concern for the world as I think it is. In most cases, auditing data exists to help solve problems, not to ensure a legal record of activity for sensitive actions. If that's the case, then SQL Server provides lots of choices and options for the auditing of your system. Extended Events, SQL Audit, and more are valuable tools for the DBA. I'm just not sure their value extends beyond being useful tools.

Total article views: 134 | Views in the last 30 days: 1
Related Articles

Disconnecting Auditing

Currently we have system administrators responsible for securing our systems, including the auditing...


Audit Trails and Logging Part II

Continuing with Part II of his auditing series, Gsquared takes a look at active auditing techniques ...


You pulled BUILTIN\Administrators, but are you auditing?

The conversation on local administrators having rights in SQL Server has proven to be interesting an...


Auditing Your SQL Server - Part 1

A new series that examines how you audit activity in SQL Server. The first part looks at simple data...


Azure DWH part 25: Auditing and threat detection

In this new article, we will show how to audit the Data Warehouse Activities.