Link to home
Start Free TrialLog in
Avatar of WJENorris
WJENorris

asked on

How to audit domain user access dates and times to an sql server 2008 database

I need to gain specific information on when an SQL SERVER 2008 database is being accessed and by which domain user (ideally dates and times).  The SQL SERVER 2008 is running on at Windows 2003 Server platform.

All help greatly appreciated.  Thanks, Will
Avatar of QPR
QPR
Flag of New Zealand image
well suser_name() and getDate() will give you the domain user and the date/time of the activity but how you store or retrieve these depends entirely on other factors?
If you want to know who and when data was selected then you are going to have to cater for this after your select statement. You could keep note of the row(s) accessed (and how will again depend on the platform involved) and could then update those rows with the results of the 2 functions suser_name() and getdate()

select field1, filed2, suser_name(), getDate()
from mytable
where something = this

store this somewhere and do an insert to an audit table with the same resultset or update the base tables with the suser_name() and GetDate() values. Doing an update means you'll only get the last data retrieval so you may want to have a seperate audit table where you store only the primary key of the base table, the user and the timestamp
Avatar of QPR
QPR
Flag of New Zealand image
this article speaks of some new auditing options with SQL 2008
http://msdn.microsoft.com/en-us/library/dd392015.aspx
Avatar of WJENorris
WJENorris

ASKER

Thanks for these leads -  they look very useful for predefined security audits - and I will use them. BUT do you know of a 'quick and dirty' way to just view database access times by all domain users in the past 2 weeks ?

Thanks again for your help with this. Will
Avatar of QPR
QPR
Flag of New Zealand image
To my knowledge there is no built in way/data that will audit db access.... unless it's via an application that deals with it. Without giving away specifics, is there something in particular you are looking for?
Avatar of WJENorris
WJENorris

ASKER

Yes, the times and dates when a couple of specific users have accessed the SQL database in the last couple of weeks. Thanks again for comments. If necessary I will define an audit as you suggest - can this the report be run retrospectively or does it just report from the date when it's defined and onwards ??
ASKER CERTIFIED SOLUTION
Avatar of QPR
QPR
Flag of New Zealand image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of QPR
QPR
Flag of New Zealand image
There are other ways to skin a cat though. How would they have accessed the data? Management studio? Application? Remote desktop? You may have events in the windows event viewer logging successful access but not much to prove specific access. Had they modified data then you'd have something to go on
Avatar of WJENorris
WJENorris

ASKER

Many thanks for your help. Will

ps QPR ???