Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 441
  • Last Modified:

SQL 2005 database - Trigger to return user name on network when using sa logon to database

I have an application updating a MSSQL 2005 database and would like to record the change to  one field on a table. I have the trigger working fine to record this and can return all info I need except I would like to return the name of the user logged in on the network.

I have used USER_NAME - returns dbo and SYSTEM_USER - returns sa.

HOST_NAME() returns the Computer name which is useful.

I can get the @@SPID and lookup the relavent info from the session - sysprocesses - there is a field nt_user_name but this is blank and I cannot see anything that gives the logged on user.

Appreciate any help in identifying how I could access this.
0
donhannam
Asked:
donhannam
  • 6
  • 3
  • 2
  • +2
2 Solutions
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
Tony303Commented:
Am I right in thinking the app is using sa as the connection string? Not the best. Also, I agree with Kvwielink, windows authentication will be able to log the NT user via your trigger.
0
 
Surendra NathTechnology LeadCommented:
Creating a windows login for every user in the sql server will be a problem,
both for maintenance of the logins (adding the new users and also deleting the old ones) and also the security purposes, what if you dont want the user himself dont want to have access to your database in any case (apart from your application), by creating a windows login on your server, you will be essentially given access rights to that user on your database (which might become an audit issue later).

Now, what are the options available in order to achieve this thing..


Almost all the applications, will have way to get the NT user id.
Now, get the user id in your application and pass it on to your database along with the other fields...
Just incase if you dont have the nt user name on your table itself then I suggest you to add it....
0
 
Anthony PerkinsCommented:
Creating a windows login for every user in the sql server will be a problem,
You do not need to create a Windows Login in order to use Windows Authentication.  In fact, it is as you have pointed out a lousy idea.  A better approach is to create a Windows Group called something like SQLUsers, you can then give SQLUsers the right permissions.  Then it becomes a simple process of adding and subtracting users from this Windows Group and not from SQL Server.  In other words, once you have created the SQLUsers Login in SQL Server, it is no longer your (as a SQL Server DBA) problem, but rather the IT staff.  :)
0
 
donhannamAuthor Commented:
Thanks for the comments - sounds like the windows user ID is not directly available?. I can get the HOST_NAME - the computer that is being used - very rare 2 users will be logged on at once - is it possible to find the user who is logged on to a computer in the network/domain at the time the trigger is run?.

This is a third party application - It is set up with all users on the sa password and security handled in application. Would prefer to leave this as is and find a way to access the windows user from the trigger.
0
 
Anthony PerkinsCommented:
Is the third party app using a connection string that you can modify?  If so there may be a workaround to set the user name.  Otherwise you are simply out of luck.
0
 
donhannamAuthor Commented:
Thanks for comments - was hoping there was a way of getting this but looks like its not possible.
0
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
Koen Van WielinkBusiness Intelligence SpecialistCommented:
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
donhannamAuthor Commented:
Thanks - unfortunately cannot get application supplier to do this
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now