Need to audit changes in permissions

  • Sharif-217569

    Old Hand

    Points: 322

    My SOX requirements are that I need to monitor when any changes are made to user privileges - if someone is granted new access, etc. Ideally also when a new user is created.

    I have a trace running from SQL Profiler now but that is a pain because everytime the server is rebooted I have to stop the trace, save thefile and start a new trace.

    I have to monitor this on 6 different servers.

    Does anyone know of a better way to monitor this? Procedures or third part software?

     

    Thanks.

  • Brian Fenton

    SSC-Addicted

    Points: 429

    While I've never done this personally, it still may be a valid solution for you. Have you considered using server-side tracing, such as with sp_trace_create? Once that is created you could create a job that starts when SQL Agent starts (presumably on startup) that would run "sp_trace_status @traceid, 1" to start the trace. Hope that helps.

    Brian

  • Erick Bailey

    SSCommitted

    Points: 1787

    We looked at doing a server side trace which worked. We decided for time and effort that it was better to purchased DB Audit. It does a server side trace but has a simple gui interface to view reports. Very easy to use

     

  • Rick Binns

    SSC Enthusiast

    Points: 128

    We did a server side trace as well. We use a SQL job with a DTS package to stop the traces, import the data to tables (for reporting purposes later) and then restart the traces every hour.

  • Jigar Lakhani

    SSC Enthusiast

    Points: 156

    Rick,

    can you post more information on how you accomplished your tasks? code would be great!

    thanks

  • Ed Zann

    SSCrazy Eights

    Points: 8694

    I have a similar situation.

    I plan to look into the "SQL Compliance Manager" product by Idera. I haven't evaluated it yet, other than reading their datasheet, so I can't offer an opinion about it one way or another.

    http://www.idera.com/Products/SQLcm/

    I currently use their SQLdm SQL Diagnostic software and have been pleased with it.  Like many of these types of products, they don't really tell you things you can't obtain otherwise, but they wrap them up into a convenient package that is easy to use.  So if you're not into "rolling your own" DB utilities and can spend some money it may be a reasonable solution.

  • nitin.doshi

    Ten Centuries

    Points: 1221

    Instead of using profiler trace, using event notification we can store records for required events in a table. Laster, using SSRS a report can be developed which displays changes done...

  • MarkusB

    SSC-Dedicated

    Points: 37369

    nitin.doshi (5/26/2009)


    Instead of using profiler trace, using event notification we can store records for required events in a table. Laster, using SSRS a report can be developed which displays changes done...

    I agree.

    Event Notifications would probably be the best option without using third-party tools but since this is posted in the SQL 2000 forum this would not be available.

    [font="Verdana"]Markus Bohse[/font]

  • nitin.doshi

    Ten Centuries

    Points: 1221

    HI Markus,

    I agree that for 2000 we need to do it by profiler or third party tool.

    For 2005, for events like security changes/schema changes I have tested using Notification. But could not find anything to audit changes like job creation/updation/deletion. Do U know how to monitor the same...

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply