Solved

MySQL audit storing application user ID

Posted on 2014-12-15
Last Modified: 2015-05-11
Hi Experts,

I am trying to set up auditing for changes to data in MySQL tables, for my Perl web application.  I've had a look at this:
    www.go4expert.com/articles/database-transaction-auditing-mysql-t7252
and that looks good because it uses triggers to automatically create the audit records, but it looks as if it will record the MySQL user (e.g. USER() or CURRENT_USER()) in the audit table record, and since my application uses the same MySQL user for all web users, this won't identify the actual person who is making the change.  In my application, the ID of the person making the change is stored in a Perl variable (say $userid, which is an integer).

So, without me having to do extra coding wherever I make changes to tables (presumably by using triggers), how can I get MySQL to audit all changes to my tables, recording the $userid (Perl variable) as the user who made the change?

I've also had a quick look at these, but haven't recognised a solution to this $userid problem yet:
    http://dev.mysql.com/doc/refman/5.0/en/create-trigger.html
    http://dev.mysql.com/doc/refman/5.0/en/account-activity-auditing.html
    http://www.go4expert.com/forums/showthread.php?t=7252
    http://ronaldbradford.com/blog/auditing-your-mysql-data-2008-07-15

I'm using:
- mysql: Ver 14.14 Distrib 5.5.40, for Linux (x86_64) using readline 5.1
- Perl: 5.10.1

Thanks.
tel2

Accepted Solution

by:
jimyX earned 500 total points
ID: 40504212
Hi tel2,
I am not using Perl, and am not familiar with how to use it, but I know MySQL.
So triggers cannot recognize the $userid unless you pass it on.

What you can do is set a variable in MySQL that will hold the $userid before executing any query that influences the execution of triggers.

So let's take example from the link you provided earlier:

Original code:
DELIMITER $$

-- Create INSERT event for tblTest
-- (MySQL has no CREATE OR REPLACE for triggers, so drop any existing one first)
DROP TRIGGER IF EXISTS trigger_insert_tblTest$$
CREATE TRIGGER trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> 0) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestNumber", "--new record--", NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestDate", "--new record--", NEW.TestDate);
    END IF;
END;$$

-- Create UPDATE event for tblTest
DROP TRIGGER IF EXISTS trigger_update_tblTest$$
CREATE TRIGGER trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> OLD.TestVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TestVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> OLD.TestNumber) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);
    END IF;
END;$$

-- Create DELETE event for tblTest
-- (trigger names must be unique, so this one cannot reuse trigger_update_tblTest)
DROP TRIGGER IF EXISTS trigger_delete_tblTest$$
CREATE TRIGGER trigger_delete_tblTest AFTER DELETE ON tblTest
FOR EACH ROW
BEGIN
    CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--");
    CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--");
    CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, "--deleted record--");
END;$$

DELIMITER ;


And it becomes:
DELIMITER $$

-- Create INSERT event for tblTest
-- (MySQL has no CREATE OR REPLACE for triggers, so drop any existing one first)
-- @zUserID is a user variable of the current connection, set by the application
DROP TRIGGER IF EXISTS trigger_insert_tblTest$$
CREATE TRIGGER trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> 0) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", "--new record--", NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", "--new record--", NEW.TestDate);
    END IF;
END;$$

-- Create UPDATE event for tblTest
DROP TRIGGER IF EXISTS trigger_update_tblTest$$
CREATE TRIGGER trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW
BEGIN
    IF (NEW.TestVarchar <> OLD.TestVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TestVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TestVarchar IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);
    END IF;
    IF (NEW.TestNumber <> OLD.TestNumber) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);
    END IF;
    IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN
        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);
    END IF;
END;$$

-- Create DELETE event for tblTest
-- (trigger names must be unique, so this one cannot reuse trigger_update_tblTest)
DROP TRIGGER IF EXISTS trigger_delete_tblTest$$
CREATE TRIGGER trigger_delete_tblTest AFTER DELETE ON tblTest
FOR EACH ROW
BEGIN
    CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--");
    CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--");
    CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, "--deleted record--");
END;$$

DELIMITER ;


Then, remember YOU HAVE TO provide the @zUserID value before calling any query which involves triggers that need the user value, otherwise you get unknown/wrong users assigned ownership for records modification:

What you are going to do is:
This line of query comes first: "Set @zUserID = "+$userid
Then your required queries after: "Insert into YourTable values (...etc" or "Delete" or "Update".

That's the way to go.
0
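
An added example, not part of jimyX's answer or the linked article: one way to do the "set @zUserID first" step from Perl with DBI, binding $userid as a placeholder instead of concatenating it, and clearing the variable afterwards because a user variable lasts for the whole connection. The helper name with_audit_user is hypothetical; the DSN, credentials, DB_PASS environment variable and sample UPDATE are constructed placeholders.

```perl
use strict;
use warnings;
use DBI;
use Carp qw(croak);

# Run $work->($dbh) with @zUserID set to the application user, inside one
# transaction. with_audit_user() is a hypothetical helper, not part of DBI.
# Assumes the handle was opened with AutoCommit => 1.
sub with_audit_user {
    my ($dbh, $userid, $work) = @_;

    # The audit trail is only as good as this value: accept a positive integer only.
    croak "invalid user id"
        unless defined $userid && $userid =~ /\A[1-9][0-9]*\z/;

    local $dbh->{RaiseError} = 1;
    $dbh->begin_work;
    my $ok = eval {
        # Bound placeholder, so the value never becomes part of the SQL text.
        $dbh->do('SET @zUserID = CAST(? AS UNSIGNED)', undef, $userid);
        $work->($dbh);          # the triggers fired here read @zUserID
        $dbh->commit;
        1;
    };
    my $err = $@;
    eval { $dbh->rollback } unless $ok;

    # Clear the variable so a persistent or pooled connection cannot attribute
    # a later request's change to this user.
    eval { $dbh->do('SET @zUserID = NULL') };

    croak "audited change failed: $err" unless $ok;
    return 1;
}

# Usage with constructed values (DSN, account and the UPDATE are placeholders).
my $dbh = DBI->connect('DBI:mysql:database=test;host=localhost',
                       'webapp', $ENV{DB_PASS},
                       { RaiseError => 1, AutoCommit => 1 });

my $userid = 42;    # in the real application this comes from the login session
with_audit_user($dbh, $userid, sub {
    my ($h) = @_;
    $h->do('UPDATE tblTest SET TestNumber = ? WHERE TestNumber = ?', undef, 7, 6);
});
```

Changes made on the same connection outside this helper run with @zUserID set to NULL, so the audit row shows no user rather than the previous one.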
 

Author Comment

by:tel2
ID: 40505943
Thank you so much, jimyX!

That looks like the kind of thing I'm after.

I hope to do some experimenting before I close this question, though.  Might be a while before I can make time.

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 40771881
I've requested that this question be closed as follows:

Accepted answer: 500 points for jimyX's comment #a40504212

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Author Closing Comment

by:tel2
ID: 40771882
Thanks again, jimyX, and sorry for the delay in closing this.

tel2