SQL Server data change and Security -
in our environ user login sa can change table data.
so write trigger capture changed data change, ip etc this
create trigger [trg_users] on [dbo].[userrights] after insert, update, delete declare @strip varchar(max) set @strip=(select dbo.getcurrentip()) if exists (select * inserted) , exists (select * deleted) --print 'update happened'; insert logger(ipaddress,status) values (@strip,'update') else if exists (select * inserted) --print 'insert happened'; insert logger(ipaddress,status) values (@strip,'insert') else --print 'delete happened'; insert logger(ipaddress,status) values (@strip,'delete') create function [dbo].[getcurrentip] () returns varchar(255) begin declare @ip_address varchar(255); select @ip_address = client_net_address sys.dm_exec_connections session_id = @@spid; return @ip_address; end but problem user can change data after disabling trigger on specific table. trigger not fire , user can seamlessly change data.
so guide me best way capture data change , log them. no 1 can bypass security. please not tell me disable sa account because looking different approach capture change data. there secure way exist in sql server 2005/2008 if yes please discuss here. thanks
problem sa security checks skipped login (or other login in sysadmin role matter). so, can't revoke privilege sa , there's nothing can on instance level sa cannot bypass.
like others said, don't let login sysadmin unless there's real sysadmin work done. best practice disable sa login altogether.
on cnstructive side, best bet otherwise create sql server audit session , use windows security log target. way you'll @ least know , when stopped audit.
Comments
Post a Comment