Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

SQL 2005 database - Trigger to return user name on network when using sa logon to database

Posted on 2013-05-26
13
Medium Priority
?
436 Views
Last Modified: 2013-05-28
I have an application updating a MSSQL 2005 database and would like to record the change to  one field on a table. I have the trigger working fine to record this and can return all info I need except I would like to return the name of the user logged in on the network.

I have used USER_NAME - returns dbo and SYSTEM_USER - returns sa.

HOST_NAME() returns the Computer name which is useful.

I can get the @@SPID and lookup the relavent info from the session - sysprocesses - there is a field nt_user_name but this is blank and I cannot see anything that gives the logged on user.

Appreciate any help in identifying how I could access this.
0
Comment
Question by:donhannam
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 13

Accepted Solution

by:
Koen Van Wielink earned 750 total points
ID: 39198611
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
LVL 13

Expert Comment

by:Koen Van Wielink
ID: 39198612
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
LVL 13

Expert Comment

by:Koen Van Wielink
ID: 39198613
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 12

Expert Comment

by:Tony303
ID: 39198836
Am I right in thinking the app is using sa as the connection string? Not the best. Also, I agree with Kvwielink, windows authentication will be able to log the NT user via your trigger.
0
 
LVL 16

Expert Comment

by:Surendra Nath
ID: 39199178
Creating a windows login for every user in the sql server will be a problem,
both for maintenance of the logins (adding the new users and also deleting the old ones) and also the security purposes, what if you dont want the user himself dont want to have access to your database in any case (apart from your application), by creating a windows login on your server, you will be essentially given access rights to that user on your database (which might become an audit issue later).

Now, what are the options available in order to achieve this thing..


Almost all the applications, will have way to get the NT user id.
Now, get the user id in your application and pass it on to your database along with the other fields...
Just incase if you dont have the nt user name on your table itself then I suggest you to add it....
0
 
LVL 75

Expert Comment

by:Anthony Perkins
ID: 39199834
Creating a windows login for every user in the sql server will be a problem,
You do not need to create a Windows Login in order to use Windows Authentication.  In fact, it is as you have pointed out a lousy idea.  A better approach is to create a Windows Group called something like SQLUsers, you can then give SQLUsers the right permissions.  Then it becomes a simple process of adding and subtracting users from this Windows Group and not from SQL Server.  In other words, once you have created the SQLUsers Login in SQL Server, it is no longer your (as a SQL Server DBA) problem, but rather the IT staff.  :)
0
 

Author Comment

by:donhannam
ID: 39199876
Thanks for the comments - sounds like the windows user ID is not directly available?. I can get the HOST_NAME - the computer that is being used - very rare 2 users will be logged on at once - is it possible to find the user who is logged on to a computer in the network/domain at the time the trigger is run?.

This is a third party application - It is set up with all users on the sa password and security handled in application. Would prefer to leave this as is and find a way to access the windows user from the trigger.
0
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 750 total points
ID: 39200051
Is the third party app using a connection string that you can modify?  If so there may be a workaround to set the user name.  Otherwise you are simply out of luck.
0
 

Author Closing Comment

by:donhannam
ID: 39203470
Thanks for comments - was hoping there was a way of getting this but looks like its not possible.
0
 
LVL 13

Expert Comment

by:Koen Van Wielink
ID: 39203524
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
LVL 13

Expert Comment

by:Koen Van Wielink
ID: 39203525
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
LVL 13

Expert Comment

by:Koen Van Wielink
ID: 39203526
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 

Author Comment

by:donhannam
ID: 39203533
Thanks - unfortunately cannot get application supplier to do this
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are some very powerful Dynamic Management Views (DMV's) introduced with SQL 2005. The two in particular that we are going to discuss are sys.dm_db_index_usage_stats and sys.dm_db_index_operational_stats.   Recently, I was involved in a di…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question