Restrict disabling SQL Server audit

Is there a way to password protect sql server audits? I’m creating an audit specification to record the DML statement and there are few people who have the sysadmin role in the sql server instance. I don’t want to remove their sysadmin role and in the mean time I want them to be able to disable the Sql Server audit. I want to be able to audit the database without worrying about that someone could disable the audit then make changes to the database.

more ▼

asked Jun 17, 2013 at 02:05 PM in Default

avatar image

910 36 41 49

(comments are locked)
10|1200 characters needed characters left

1 answer: sort voted first

True anyone in the sysadmin role can alter the audits at the server level. Be mindful of users with .dbo access at the database level as well.

Take a look here for auditing information. http://msdn.microsoft.com/en-us/library/cc280386.aspx

I am pretty sure you can audit changes made to the audit. :)

more ▼

answered Jun 17, 2013 at 02:33 PM

avatar image

sqlaj 1
5.5k 4 6

Yup, as I thought. See this audit spec. "AUDIT_CHANGE_GROUP"

"This event is raised whenever any audit is created, modified or deleted."

Jun 17, 2013 at 02:37 PM sqlaj 1

Great, this is what I was looking for. Thanks. The only other concern that I might have is that they can remove (delete) the audit but I guess I can still can check the file to see the changes. I'm saving he changes to a file which they don't have access.

Jun 17, 2013 at 02:54 PM liton

You can also have the information logged to say the Windows (application) logs. They can still clear those. We have an extra layer. A tool that reads the logs and stores that information else where.

Jun 17, 2013 at 03:14 PM sqlaj 1
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.



asked: Jun 17, 2013 at 02:05 PM

Seen: 782 times

Last Updated: Jun 17, 2013 at 03:14 PM

Copyright 2018 Redgate Software. Privacy Policy