Sunday, March 25, 2012

Alerts for new login accounts

Hi all,
Looking for a method on sql server 2k of automated monitoring and
notification of creation of new login accts. When new login is created,
alert would go to one or more IT mgt people, perhaps also mgt of business
unit that use the database.
We use Blat (freeware email util) for sending emails & alerts. Situation
is we want to grant SecurityAdmin rights to one or two individuals (up to
now only sa acct/server admin accts have been used) to be able to review
sql error logs. Best I can tell, we have to grant them the Security Admin
role to do that through Enterprise Manager. However this also gives them
the right to create login accounts, so they could create their own login
acct, go in and browse around data they have no business looking at, then
delete the login account.
I have looked around, found that triggers are not supported on system
tables (idea was to create trigger on sysxlogins). Best I could find was a
method of using a scheduled sql agent job to capture data from the
sysprocesses table and record connections that are not in a "not" list to
the server event log:
http://www.databasejournal.com/feat...cle.php/2243271
thks

If you only want the users to be able to view the SQL Server
error logs, why not just grant them permissions to view the
log file at the OS level? The logs are just text files -
they can view them without using Enterprise Manager and
without having access to SQL Server.
If you did want to monitor for the addition of logins, with
SQL Server 2000 you can capture the addition of logins,
database users, adding logins/users to server/database
roles, etc using Profiler (or a server side trace). You can
find the events you can monitor in books online in the
topic: Security Audit Event Classes.
-Sue
On Tue, 1 Jun 2004 10:26:06 -0700, "GM"
<anonymous@.discussions.microsoft.com> wrote:

>Hi all,
>Looking for a method on sql server 2k of automated monitoring and
>notification of creation of new login accts. When new login is created,
>alert would go to one or more IT mgt people, perhaps also mgt of business
>unit that use the database.
>We use Blat (freeware email util) for sending emails & alerts. Situation
>is we want to grant SecurityAdmin rights to one or two individuals (up to
>now only sa acct/server admin accts have been used) to be able to review
>sql error logs. Best I can tell, we have to grant them the Security Admin
>role to do that through Enterprise Manager. However this also gives them
>the right to create login accounts, so they could create their own login
>acct, go in and browse around data they have no business looking at, then
>delete the login account.
>I have looked around, found that triggers are not supported on system
>tables (idea was to create trigger on sysxlogins). Best I could find was a
>method of using a scheduled sql agent job to capture data from the
>sysprocesses table and record connections that are not in a "not" list to
>the server event log:
>http://www.databasejournal.com/feat...cle.php/2243271
>thks
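
The server-side trace suggested in the reply, as an added example that is not part of the original thread: it records login, user and role-membership changes from the Security Audit event classes to a trace file on SQL Server 2000. The output path and the choice of events and data columns are assumptions.

```sql
-- Added example, not from the thread. C:\Audit\login_audit is an assumed path;
-- SQL Server appends .trc to the file name.
DECLARE @rc int, @TraceID int, @maxsize bigint, @on bit, @e int, @c int
SELECT @maxsize = 5, @on = 1

-- Option 2 = roll over to a new file when @maxsize (MB) is reached
EXEC @rc = sp_trace_create @TraceID OUTPUT, 2, N'C:\Audit\login_audit', @maxsize, NULL
IF @rc <> 0
BEGIN
    RAISERROR('sp_trace_create failed, return code %d', 16, 1, @rc)
    RETURN
END

-- Security Audit events: 104 add/drop login, 108 add login to server role,
-- 109 add database user, 110 add member to database role
DECLARE @events TABLE (id int)
INSERT @events SELECT 104 UNION ALL SELECT 108 UNION ALL SELECT 109 UNION ALL SELECT 110

-- Data columns: 8 client host, 10 application, 11 login that made the change,
-- 14 start time, 21 event subclass, 23 success, 35 database name,
-- 38 role name, 42 target login name
DECLARE @cols TABLE (id int)
INSERT @cols SELECT 8 UNION ALL SELECT 10 UNION ALL SELECT 11 UNION ALL SELECT 14
    UNION ALL SELECT 21 UNION ALL SELECT 23 UNION ALL SELECT 35
    UNION ALL SELECT 38 UNION ALL SELECT 42

-- Register every column for every event
DECLARE pairs CURSOR LOCAL FAST_FORWARD FOR
    SELECT e.id, c.id FROM @events e CROSS JOIN @cols c
OPEN pairs
FETCH NEXT FROM pairs INTO @e, @c
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_trace_setevent @TraceID, @e, @c, @on
    FETCH NEXT FROM pairs INTO @e, @c
END
CLOSE pairs
DEALLOCATE pairs

EXEC sp_trace_setstatus @TraceID, 1   -- 1 = start
SELECT @TraceID AS TraceID            -- needed later to stop (0) and close (2) the trace
GO

-- Run later, for example from a scheduled job, to review what was captured
SELECT * FROM ::fn_trace_gettable(N'C:\Audit\login_audit.trc', default)
WHERE EventClass IN (104, 108, 109, 110)
ORDER BY StartTime
```

A trace created this way does not survive a service restart, so it has to be re-created at startup. The sp_trace_* procedures require sysadmin membership, so a login that only holds the securityadmin role cannot stop the trace.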
