Hello,
I have a problem. I suspect a certain user in my company is using the SA account to log into Databases and run queries(query analyzer) to gather information this user is not suppose to view. The problem I have is this is an IT person so they know the SA password. How can I log specific or all queries run against all databases/tables/fields to find out exactly what this person is doing/seeing? Or if there is an alternative to find out this information?
Please advise?
Hi,
well that depends...on your way for data retrieval. If your only way for data retrieval are stored procedures, you could easily plugin another logging procedure in that code. If they can work with Select statement you will have to let the profiler run on some machine, capturing the SQL and Statement events with specifying additional attributes like the user_name and the host_name from where the user is connecting. That might get you a good information about the called statements. With putting a filter on the profiler you can narrow the event down to a database / HostName / Application etc.
HTH, Jens K. Suessmeyer.
http://www.sqlserver20095.de
|||Hi,
Well they are only running these in Select statements. These are not stored procedures. So I am assuming the SQL profiler would work with capturing the data on the database / hostname /application, etc. If you have a good example, that would be great.
Please advise?
-K
|||Simply run profiler and select the RPC / STMT / SQL Events which the appropiate data you want to capture. Thats all.HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
No comments:
Post a Comment