Solved

SQL 2005 database - Trigger to return user name on network when using sa logon to database

Posted on 2013-05-26
13
415 Views
Last Modified: 2013-05-28
I have an application updating a MSSQL 2005 database and would like to record the change to  one field on a table. I have the trigger working fine to record this and can return all info I need except I would like to return the name of the user logged in on the network.

I have used USER_NAME - returns dbo and SYSTEM_USER - returns sa.

HOST_NAME() returns the Computer name which is useful.

I can get the @@SPID and lookup the relavent info from the session - sysprocesses - there is a field nt_user_name but this is blank and I cannot see anything that gives the logged on user.

Appreciate any help in identifying how I could access this.
0
Comment
Question by:donhannam
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 12

Accepted Solution

by:
Koen Van Wielink earned 250 total points
Comment Utility
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
LVL 12

Expert Comment

by:Koen Van Wielink
Comment Utility
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
LVL 12

Expert Comment

by:Koen Van Wielink
Comment Utility
As far as I know it's not possible to retrieve the Windows user ID unless you are using Windows authentication to access the database.
0
 
LVL 12

Expert Comment

by:Tony303
Comment Utility
Am I right in thinking the app is using sa as the connection string? Not the best. Also, I agree with Kvwielink, windows authentication will be able to log the NT user via your trigger.
0
 
LVL 16

Expert Comment

by:Surendra Nath
Comment Utility
Creating a windows login for every user in the sql server will be a problem,
both for maintenance of the logins (adding the new users and also deleting the old ones) and also the security purposes, what if you dont want the user himself dont want to have access to your database in any case (apart from your application), by creating a windows login on your server, you will be essentially given access rights to that user on your database (which might become an audit issue later).

Now, what are the options available in order to achieve this thing..


Almost all the applications, will have way to get the NT user id.
Now, get the user id in your application and pass it on to your database along with the other fields...
Just incase if you dont have the nt user name on your table itself then I suggest you to add it....
0
 
LVL 75

Expert Comment

by:Anthony Perkins
Comment Utility
Creating a windows login for every user in the sql server will be a problem,
You do not need to create a Windows Login in order to use Windows Authentication.  In fact, it is as you have pointed out a lousy idea.  A better approach is to create a Windows Group called something like SQLUsers, you can then give SQLUsers the right permissions.  Then it becomes a simple process of adding and subtracting users from this Windows Group and not from SQL Server.  In other words, once you have created the SQLUsers Login in SQL Server, it is no longer your (as a SQL Server DBA) problem, but rather the IT staff.  :)
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:donhannam
Comment Utility
Thanks for the comments - sounds like the windows user ID is not directly available?. I can get the HOST_NAME - the computer that is being used - very rare 2 users will be logged on at once - is it possible to find the user who is logged on to a computer in the network/domain at the time the trigger is run?.

This is a third party application - It is set up with all users on the sa password and security handled in application. Would prefer to leave this as is and find a way to access the windows user from the trigger.
0
 
LVL 75

Assisted Solution

by:Anthony Perkins
Anthony Perkins earned 250 total points
Comment Utility
Is the third party app using a connection string that you can modify?  If so there may be a workaround to set the user name.  Otherwise you are simply out of luck.
0
 

Author Closing Comment

by:donhannam
Comment Utility
Thanks for comments - was hoping there was a way of getting this but looks like its not possible.
0
 
LVL 12

Expert Comment

by:Koen Van Wielink
Comment Utility
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
LVL 12

Expert Comment

by:Koen Van Wielink
Comment Utility
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 
LVL 12

Expert Comment

by:Koen Van Wielink
Comment Utility
Don't rule out Neo_jarvis' point about having the application pass the NT user name into the database. If this is really important for you, and you don't want to change the security setup for accessing the database, it might be best to ask the supplier of your application to add the NT user name to the database. This should not be too complicated.
0
 

Author Comment

by:donhannam
Comment Utility
Thanks - unfortunately cannot get application supplier to do this
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

I am showing a way to read/import the excel data in table using SQL server 2005... Suppose there is an Excel file "Book1" at location "C:\temp" with column "First Name" and "Last Name". Now to import this Excel data into the table, we will use…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now