Solved

MySQL audit storing application user ID

Posted on 2014-12-15
5
521 Views
Last Modified: 2015-05-11
Hi Experts,

I am trying to set up auditing for changes to data in MySQL tables, for my Perl web application.  I've had a look at this:
    www.go4expert.com/articles/database-transaction-auditing-mysql-t7252
and that looks good because it uses triggers to automatically create the audit records, but it looks as if it will record the MySQL user (e.g. USER() or CURRENT_USER()) in the audit table record, and since my application uses the same MySQL user for all web users, this won't identify the actual person who is making the change.  In my application, the ID of the person making the change is stored in a Perl variable (say $userid, which is an integer).

So, without me having to do extra coding wherever I make changes to tables (presumably by using triggers), how can I get MySQL to audit all changes to my tables, recording the $userid (Perl variable) as the user who made the change?

I've also had a quick look at these, but haven't recognised a solution to this $userid problem yet:
    http://dev.mysql.com/doc/refman/5.0/en/create-trigger.html
    http://dev.mysql.com/doc/refman/5.0/en/account-activity-auditing.html
    http://www.go4expert.com/forums/showthread.php?t=7252
    http://ronaldbradford.com/blog/auditing-your-mysql-data-2008-07-15

I'm using:
- mysql: Ver 14.14 Distrib 5.5.40, for Linux (x86_64) using readline 5.1
- Perl: 5.10.1

Thanks.
tel2
0
Comment
Question by:tel2
  • 2
5 Comments
 
LVL 24

Accepted Solution

by:
jimyX earned 500 total points
ID: 40504212
Hi tel2,
I am note using Perl, and am not familiar with how to use it, but I know mySql.
So triggers can not recognize the $userid unless you pass it on.

What you can do is set a variable in mySql that will hold the $userid before executing any query that influences the execution of triggers.

So let's take example from the link you provided earlier:

Original code:
-- Create INSERT event for tblTest
CREATE OR REPLACE trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW

    BEGIN IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);

    END IF; IF (NEW.TestNumber <> 0) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestNumber", "--new record--", NEW.TestNumber);

    END IF; IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestDate", "--new record--", NEW.TestDate);

    END IF;

END;$$

-- Create UPDATE event for tblTest
CREATE OR REPLACE trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW

    BEGIN IF (NEW.TestVarchar <> OLD.TextVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TextVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TextVarchar IS NOT NULL) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);

    END IF; IF (NEW.TestNumber <> OLD.TestNumber) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);

    END IF; IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN

        CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);

    END IF;

END;$$

-- Create DELETE event for tblTest
CREATE OR REPLACE trigger_update_tblTest AFTER DELETE ON tblTest
FOR EACH ROW

    BEGIN CALL add_tblAudit (USER(), "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--"); CALL add_tblAudit (USER(), "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--"); CALL add_tblAudit (USER(), "tblTest", "TestDate", OLD.TestDate, "--deleted record--); 

END;$$

Open in new window


And it becomes:
-- Create INSERT event for tblTest
CREATE OR REPLACE trigger_insert_tblTest AFTER INSERT ON tblTest
FOR EACH ROW

    BEGIN IF (NEW.TestVarchar <> '') OR (NEW.TestVarchar IS NOT NULL) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", "--new record--", NEW.TestVarchar);

    END IF; IF (NEW.TestNumber <> 0) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", "--new record--", NEW.TestNumber);

    END IF; IF (NEW.TestDate <> '') OR (NEW.TestDate IS NOT NULL) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", "--new record--", NEW.TestDate);

    END IF;

END;$$

-- Create UPDATE event for tblTest
CREATE OR REPLACE trigger_update_tblTest AFTER UPDATE ON tblTest
FOR EACH ROW

    BEGIN IF (NEW.TestVarchar <> OLD.TextVarchar) OR (NEW.TestVarchar IS NOT NULL AND OLD.TextVarchar IS NULL) OR (NEW.TestVarchar IS NULL AND OLD.TextVarchar IS NOT NULL) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, NEW.TestVarchar);

    END IF; IF (NEW.TestNumber <> OLD.TestNumber) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, NEW.TestNumber);

    END IF; IF (NEW.TestDate <> OLD.TestDate) OR (NEW.TestDate IS NOT NULL AND OLD.TestDate IS NULL) OR (NEW.TestDate IS NULL AND OLD.TestDate IS NOT NULL) THEN

        CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, NEW.TestDate);

    END IF;

END;$$

-- Create DELETE event for tblTest
CREATE OR REPLACE trigger_update_tblTest AFTER DELETE ON tblTest
FOR EACH ROW

    BEGIN CALL add_tblAudit (@zUserID, "tblTest", "TestVarchar", OLD.TestVarchar, "--deleted record--"); CALL add_tblAudit (@zUserID, "tblTest", "TestNumber", OLD.TestNumber, "--deleted record--"); CALL add_tblAudit (@zUserID, "tblTest", "TestDate", OLD.TestDate, "--deleted record--); 

END;$$

Open in new window


Then, remember YOU HAVE TO provide the @zUserID value before calling any query which involves triggers that need the user value, otherwise you get unknown/wrong users assigned ownership for records modification:

What you are going to do is:
This line of query comes first: "Set @zUserID = "+$userid
Then your required queries after: "Insert into YourTable values (...etc" or "Delete" or "Update".

That's the way to go.
0
 
LVL 11

Author Comment

by:tel2
ID: 40505943
Thank you so much, jimyX!

That looks like the kind of thing I'm after.

I hope to do some experimenting before I close this question, though.  Might be a while before I can make time.
0
 
LVL 142

Expert Comment

by:Guy Hengel [angelIII / a3]
ID: 40771881
I've requested that this question be closed as follows:

Accepted answer: 500 points for jimyX's comment #a40504212

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 11

Author Closing Comment

by:tel2
ID: 40771882
Thanks again, jimyX, and sorry for the delay in closing this.

tel2
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
complicated query 15 44
Oracle - Stored Procedure Privilge access 3 23
Runtime 3044 error 14 22
SQL BACKUP - 2008 R2 8 23
Composite queries are used to retrieve the results from joining multiple queries after applying any filters. UNION, INTERSECT, MINUS, and UNION ALL are some of the operators used to get certain desired results.​
Entering a date in Microsoft Access can be tricky. A typo can cause month and day to be shuffled, entering the day only causes an error, as does entering, say, day 31 in June. This article shows how an inputmask supported by code can help the user a…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now