question

Steve Jones - Editor avatar image
Steve Jones - Editor asked

Finding the user's login

If I am auditing user actions and I want to be sure that I can capture the actual login, is there a function I can use in my auditing trigger?

securityloginaudit
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
KenJ avatar image
KenJ answered

There are a couple of built-in functions to give you the login for auditing.

  • suser_sname()
  • system_user

One thing to keep in mind with these is that a login with impersonate privileges can cause the trigger to record an incorrect login by changing the execution context prior to activating the trigger. Here's a quick demo query:

-- we need a user to spoof
create user bob

-- impersonate bob
execute as user = 'bob'

select suser_sname()
select system_user

-- done impersonating
revert

-- get rid of bob
drop user bob
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

TimothyAWiseman avatar image
TimothyAWiseman answered

The system_user function should give you the login of the user executing the query if it is invoked inside a trigger.

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.