SQL admin account gone

  • Hi Guys,

    Today I saw that someone in Navision can delete some accounts on SQL Server using the Navision application.

    We kinda solved it by giving me a user account in Navision, so when it is synchronizing accounts it will not delete my admin accounts on that server.

    Well here is the question in this.. since people just deny they deleted it or made a mistake..

    How can I still prove they actually made a mistake in this?

    Any help in this will be greatly appreciated.

  • In SQL Server 2005 you can create DDL triggers that can capture such events and log them to a table for reporting, and possibly prevent it.

    I'd suggest that you start by reading up about DDL triggers in Books Online.

    I supported Navision 4.x years back and it contained a Change Log table that, if enabled, would log just about everything a user did in Navision. If that account showed within Navision's "user list" I believe it would log if deleted. I used this many times on users that stated "I did not do it".

    Another place to check for Navision things is mibuso.com. I got a good bit of information out of this forum. You can also try a script someone published from that site for audit purposes as well: http://www.mibuso.com/dlinfo.asp?FileID=351

    Shawn Melton
    Twitter: @wsmelton
    Blog: wsmelton.github.com
    Github: wsmelton

  • There's also the default trace in SQL Server. I'd think it would log a drop of a user. I see a security event if I add one and then drop one.

    Here's a basic guide: http://www.sqlservercentral.com/articles/SQL+Server+2005/64547/

  • It's worth pointing out that if the deleted account is not spotted straight away, the default trace may not be helpful. How quickly the trace files cycle and the data becomes lost depends on how busy the server is. 😉

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • I would go with the DDL triggers and audit the database in that regard. This would help ensure that the pertinent action is recorded.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events

  • Well, it seems I found the trace at last, where I found the evidence.

    Of course the dear colleague was still in denial.

    But what can you do about that.

    Good thing everyone else knows it.

  • r.rozeboom (4/8/2010)


    Well, it seems I found the trace at last, where I found the evidence.

    It's better to keep a DDL trigger just for future prospect.

    -------Bhuvnesh----------
    I work only to learn Sql Server...though my company pays me for getting their stuff done;-)

  • Oh, don't worry, it's on now all the time.

    You never know, someone has a thing for deleting something useful.

  • r.rozeboom (4/8/2010)


    Well, it seems I found the trace at last, where I found the evidence.

    Of course the dear colleague was still in denial.

    But what can you do about that.

    Good thing everyone else knows it.

    That is good to know. Thanks for the feedback.

    Jason...AKA CirqueDeSQLeil
    _______________________________________________
    I have given a name to my pain...MCM SQL Server, MVP
    SQL RNNR
    Posting Performance Based Questions - Gail Shaw
    Learn Extended Events
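
The DDL trigger approach recommended in the replies above, sketched as an added example (not code posted by anyone in the thread). The database `AuditDB`, the table `dbo.LoginDdlAudit` and the trigger name `trg_audit_login_ddl` are hypothetical; the trigger stores the raw `EVENTDATA()` XML and leaves parsing to the reporting query, so it does not depend on the caller's session SET options.

```sql
-- Added example: server-level DDL trigger that records login changes.
-- AuditDB, dbo.LoginDdlAudit and trg_audit_login_ddl are hypothetical names.
USE AuditDB;
GO
CREATE TABLE dbo.LoginDdlAudit (
    AuditId       int IDENTITY(1,1) PRIMARY KEY,
    EventTime     datetime      NOT NULL DEFAULT (GETDATE()),
    OriginalLogin sysname       NOT NULL,  -- who connected, even under impersonation
    HostName      nvarchar(128) NULL,      -- client workstation
    AppName       nvarchar(128) NULL,      -- client application that issued the DDL
    EventXml      xml           NOT NULL   -- raw EVENTDATA() payload
);
GO
-- The trigger runs as the caller. If the caller cannot insert here, the trigger
-- fails and the caller's DDL is rolled back. Assumes every login allowed to
-- manage logins has a user in AuditDB. Grant INSERT only, never DELETE/UPDATE.
GRANT INSERT ON dbo.LoginDdlAudit TO public;
GO
USE master;
GO
CREATE TRIGGER trg_audit_login_ddl
ON ALL SERVER
FOR CREATE_LOGIN, ALTER_LOGIN, DROP_LOGIN
AS
BEGIN
    SET NOCOUNT ON;
    INSERT INTO AuditDB.dbo.LoginDdlAudit (OriginalLogin, HostName, AppName, EventXml)
    VALUES (ORIGINAL_LOGIN(), HOST_NAME(), APP_NAME(), EVENTDATA());
END;
GO
-- Reporting: who dropped which login, from where, with which application.
SELECT EventTime, OriginalLogin, HostName, AppName,
       EventXml.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)') AS TargetLogin,
       EventXml.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]',
                      'nvarchar(max)') AS CommandText
FROM AuditDB.dbo.LoginDdlAudit
WHERE EventXml.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(100)') = 'DROP_LOGIN'
ORDER BY EventTime DESC;
```

Unlike the default trace, the rows stay until someone deletes them, so restrict DELETE and UPDATE on the audit table to a separate administrative role.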
