Jeff, Guardium captures the activity and provides very granular reporting capabilities (who did what when). It's read-only as far as interaction with SQL Server. A Guardium user can't do anything to the data, config, etc. It lives inside the SQL process space, so it can't be turned off without stopping the SQL instance.
I know audit is painful, but it's an absolute in my industry.
Yep... Sounds good, especially the part about it being read-only as far as the interaction with SQL Server goes. But even there, someone has the keys to it and there's just no getting around that. Yes, I realize that there should be a practical limit to who's guarding who but the auditors don't think so. Some of the rules are becoming totally ridiculous but still have little impact. Even the IRS was recently broken into recently. Did they pass their audit? Did they even have an audit?
So far as audits go, yes, they are painful and they're an absolute necessity in my industry as well. My point is that they are becoming more and more painful unnecessarily. Companies want audits from us and we certainly embrace the reasons why they are asking but answering the same questions with slightly different wording in 20 different sections of a ridiculously thick document is a waste of everyone's time. They also ask for stupid things like a list of people "who have access" and they want screen shots and all sorts of proof. What's wrong with that? They could easily all be faked because there's no oversight or supervision of the people doing the screen shots or other proofs, etc. It's just stupid but they keep making the grease spot of audits larger and larger and with no real guarantee that the information is even accurate. It's especially frustrating when the people who want the audit done don't have a clue as to what the results are trying to tell them. It's like someone in HR trying to do a technical interview for a position that only a true SQL Server god could fill when all they really need is someone that knows T-SQL real well and they don't know what to ask the candidates.
is pronounced "ree-bar
" and is a "Modenism
" for R
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.
"Change is inevitable... change for the better is not".
"Dear Lord... I'm a DBA so please give me patience because, if you give me strength, I'm going to need bail money too!"
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)