SQL DATABASE AUDIT
Auditing an instance of the SQL Server Database Engine or an individual database involves
tracking and logging events that occur on the Database Engine. SQL Server audit lets you
create server audits, which can contain server audit specifications for server level events,
and database audit specifications for database level events.
There are several levels of auditing for SQL Server, depending on government or standards
requirements for your installation.
You can record server audit action groups per-instance, and either database audit action
groups or database audit actions per database. The audit event will occur every time that
the auditable action is encountered.
All editions of SQL Server support server level audits. Database level auditing is limited to
Enterprise, Developer, and Evaluation editions.

http://www.sql-programmers.com/sql-database-audit.aspx
WHY DATABASE AUDIT?
• Enable future accountability for current actions taken in a particular schema, table, row or affecting specific content
• Deter users from inappropriate actions based on that accountability
• Investigate suspicious activity
• Notify an auditor that an unauthorized user is manipulating or deleting data and that the user has more privileges than expected, which can lead to reassessing user authorizations
• Monitor and gather data about specific database activities

OVERVIEW OF SQL AUDIT
You can use SQL Server Management Studio or Transact-SQL to define an audit. After the
audit is created and enabled, the target will receive entries.
You can read the Windows event logs by using the Event Viewer utility in Windows. For file
targets, you can use either the Log File Viewer in SQL Server Management Studio or
the fn_get_audit_file function to read the target file.
The general process for creating and using an audit is as follows:
1. Create an audit and define the target.
2. Create either a server audit specification or database audit specification that maps to the audit. Enable the audit specification.
3. Enable the audit.
4. Read the audit events by using the Windows Event Viewer, Log File Viewer, or the fn_get_audit_file function.
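The four steps above as one Transact-SQL script. This is an added example, not part of the original slides; the audit name Audit_Demo, the database SalesDB, the table dbo.Customers and the folder D:\SqlAudit\ are hypothetical, and the chosen action groups are only one reasonable starting set.

```sql
-- Added example. Audit_Demo, SalesDB, dbo.Customers and D:\SqlAudit\ are hypothetical names.
USE master;
GO

-- Step 1: create the audit and define its target (a binary file in a restricted folder).
CREATE SERVER AUDIT Audit_Demo
TO FILE (
    FILEPATH = N'D:\SqlAudit\',
    MAXSIZE = 100 MB,
    MAX_ROLLOVER_FILES = 20,
    RESERVE_DISK_SPACE = OFF
)
WITH (
    QUEUE_DELAY = 1000,      -- milliseconds before queued events must be written
    ON_FAILURE = CONTINUE    -- keep the instance running if the target cannot be written
);
GO

-- Step 2a: server audit specification (instance scope, one per audit), enabled on creation.
CREATE SERVER AUDIT SPECIFICATION Audit_Demo_Server
FOR SERVER AUDIT Audit_Demo
    ADD (FAILED_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)  -- records changes to audits and audit specifications themselves
WITH (STATE = ON);
GO

-- Step 2b: database audit specification (database scope), enabled on creation.
USE SalesDB;
GO
CREATE DATABASE AUDIT SPECIFICATION Audit_Demo_SalesDB
FOR SERVER AUDIT Audit_Demo
    ADD (SELECT, UPDATE, DELETE ON OBJECT::dbo.Customers BY public),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- Step 3: enable the audit. Nothing reaches the target until this runs.
USE master;
GO
ALTER SERVER AUDIT Audit_Demo WITH (STATE = ON);
GO

-- Step 4: read the events back from the file target.
SELECT event_time,
       action_id,
       succeeded,
       server_principal_name,
       database_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Including AUDIT_CHANGE_GROUP means that stopping or altering the audit is itself written to the target before the change takes effect.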
SQL SERVER AUDIT COMPONENTS
An audit is the combination of several elements into a single package for a specific
group of server actions or database actions. The components of SQL Server audit
combine to produce an output that is called an audit, just as a report definition
combined with graphics and data elements produces a report.
SQL Server audit uses Extended Events to help create an audit.

SQL DATABASE AUDIT SPECIFICATION
The Server Audit Specification object belongs to an audit. You can create one server audit
specification per audit, because both are created at the SQL Server instance scope.
The database audit specification collects database-level audit actions raised by the
Extended Events feature. You can add either audit action groups or audit events to a
database audit specification. Audit events are the atomic actions that can be audited by the
SQL Server engine. Audit action groups are predefined groups of actions. Both are at the
SQL Server database scope. These actions are sent to the audit, which records them in the
target. Do not include server-scoped objects, such as the system views, in a user database
audit specification.

TARGET
The results of an audit are sent to a target, which can be a file, the Windows Security event
log, or the Windows Application event log. Logs must be reviewed and archived periodically
to make sure that the target has sufficient space to write additional records.
When you are saving audit information to a file, to help prevent tampering, you can restrict
access to the file location in the following ways:
• The SQL Server Service Account must have both Read and Write permission.
• Audit Administrators typically require Read and Write permission. This assumes that the Audit Administrators are Windows accounts for administration of audit files, such as copying them to different shares, backing them up, and so on.
• Audit Readers that are authorized to read audit files must have Read permission.

DATABASE MIRRORING AND SQL AUDIT
A database that has a database audit specification defined and that uses database
mirroring will include the database audit specification. To work correctly on the mirrored
SQL instance, the following items must be configured:
• The mirror server must have an audit with the same GUID to enable the database audit specification to write audit records. This can be configured by using the command CREATE AUDIT WITH GUID= <GUID from source Server Audit>.
• For binary file targets, the mirror server service account must have appropriate permissions to the location where the audit trail is being written.
• For Windows event log targets, the security policy on the computer where the mirror server is located must allow for service account access to the security or application event log.
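The GUID requirement above, written out in full Transact-SQL, where the option is spelled AUDIT_GUID on CREATE SERVER AUDIT. This is an added example, not part of the original slides; the audit name Audit_Demo and the folder D:\SqlAudit\ are hypothetical and the GUID shown is a placeholder for the value read from the source server.

```sql
-- Added example. Audit_Demo and D:\SqlAudit\ are hypothetical; the GUID is a placeholder.

-- On the principal (source) server: read the GUID of the audit that the
-- database audit specification is bound to.
SELECT name, audit_guid
FROM sys.server_audits
WHERE name = N'Audit_Demo';
GO

-- On the mirror server: create an audit with the same GUID and enable it.
CREATE SERVER AUDIT Audit_Demo
TO FILE (FILEPATH = N'D:\SqlAudit\')
WITH (AUDIT_GUID = '00000000-0000-0000-0000-000000000000');  -- placeholder: paste the source audit_guid
GO
ALTER SERVER AUDIT Audit_Demo WITH (STATE = ON);
GO

-- Check, run in the user database on whichever server currently hosts it:
-- list database audit specifications whose audit_guid matches no audit on this
-- instance, or whose audit exists but is not enabled. Either case means the
-- specification is defined but no audit records are being written.
SELECT das.name             AS database_audit_specification,
       das.audit_guid,
       das.is_state_enabled AS specification_enabled,
       sa.name              AS server_audit,
       sa.is_state_enabled  AS audit_enabled
FROM sys.database_audit_specifications AS das
LEFT JOIN sys.server_audits AS sa
       ON sa.audit_guid = das.audit_guid
WHERE sa.audit_guid IS NULL
   OR sa.is_state_enabled = 0;
```

The same check is useful after attaching or restoring a database from another instance, since its audit specification arrives with it but the matching server audit does not.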

DDL STATEMENTS
You can use the following DDL statements to create, alter, and drop audit
specifications:
• ALTER AUTHORIZATION
• CREATE SERVER AUDIT
• ALTER SERVER AUDIT
• DROP SERVER AUDIT
• CREATE SERVER AUDIT SPECIFICATION
• ALTER SERVER AUDIT SPECIFICATION
• DROP SERVER AUDIT SPECIFICATION
• CREATE DATABASE AUDIT SPECIFICATION
• ALTER DATABASE AUDIT SPECIFICATION
• DROP DATABASE AUDIT SPECIFICATION

DYNAMIC VIEWS AND FUNCTIONS
The following table lists the dynamic views and functions that you can use for
SQL Server auditing.

Dynamic views and functions | Description
sys.dm_audit_actions | Returns a row for every audit action that can be reported in the audit log and every audit action group that can be configured as part of SQL Server Audit.
sys.dm_server_audit_status | Provides information about the current state of the audit.
sys.dm_audit_class_type_map | Returns a table that maps the class_type field in the audit log to the class_desc field in sys.dm_audit_actions.
fn_get_audit_file | Returns information from an audit file created by a server audit.

CATALOG VIEWS AND FUNCTIONS
The following table lists the catalog views that you can use for SQL Server
auditing.

Catalog views | Description
sys.database_audit_specifications | Contains information about the database audit specifications in a SQL Server audit on a server instance.
sys.database_audit_specification_details | Contains information about the database audit specifications in a SQL Server audit on a server instance for all databases.
sys.server_audits | Contains one row for each SQL Server audit in a server instance.
sys.server_audit_specifications | Contains information about the server audit specifications in a SQL Server audit on a server instance.
sys.server_audit_specification_details | Contains information about the server audit specification details (actions) in a SQL Server audit on a server instance.
sys.server_file_audits | Contains extended information about the file audit type in a SQL Server audit on a server instance.

PERMISSIONS
Each feature and command for SQL Server Audit has individual permission requirements.
Unless otherwise specified, viewing catalog views requires a principal to have one of the
following:
• Membership in the sysadmin fixed server role
• The CONTROL SERVER permission
• The VIEW SERVER STATE permission
• The ALTER ANY AUDIT permission
• The VIEW AUDIT STATE permission (gives the principal access only to the sys.server_audits catalog view)

PERMISSIONS – contd…
Principals in the sysadmin role can tamper with any audit component and those in the
db_owner role can tamper with audit specifications in a database. SQL Server Audit will
validate that a logon that creates or alters an audit specification has at least the ALTER ANY
DATABASE AUDIT permission. However, it does no validation when you attach a database.
You should assume all Database Audit Specifications are only as trustworthy as those
principals in the sysadmin or db_owner role.

THANK YOU !
http://www.sql-programmers.com

More Related Content

What's hot

Optimizing Delta/Parquet Data Lakes for Apache Spark
Optimizing Delta/Parquet Data Lakes for Apache SparkOptimizing Delta/Parquet Data Lakes for Apache Spark
Optimizing Delta/Parquet Data Lakes for Apache Spark
Databricks
 
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
Cathrine Wilhelmsen
 
AWS Aurora 운영사례 (by 배은미)
AWS Aurora 운영사례 (by 배은미)AWS Aurora 운영사례 (by 배은미)
AWS Aurora 운영사례 (by 배은미)
I Goo Lee.
 
Building Robust ETL Pipelines with Apache Spark
Building Robust ETL Pipelines with Apache SparkBuilding Robust ETL Pipelines with Apache Spark
Building Robust ETL Pipelines with Apache Spark
Databricks
 
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Christian Schneider
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
Ankita Mahajan
 
(BDT303) Running Spark and Presto on the Netflix Big Data Platform
(BDT303) Running Spark and Presto on the Netflix Big Data Platform(BDT303) Running Spark and Presto on the Netflix Big Data Platform
(BDT303) Running Spark and Presto on the Netflix Big Data Platform
Amazon Web Services
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
chuckbt
 
Build Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks StreamingBuild Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks Streaming
Databricks
 
Web Application Firewall intro
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall intro
Rich Helton
 
Informational Referential Integrity Constraints Support in Apache Spark with ...
Informational Referential Integrity Constraints Support in Apache Spark with ...Informational Referential Integrity Constraints Support in Apache Spark with ...
Informational Referential Integrity Constraints Support in Apache Spark with ...
Databricks
 
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
Databricks
 
Session10-PHP Misconfiguration
Session10-PHP MisconfigurationSession10-PHP Misconfiguration
Session10-PHP Misconfiguration
zakieh alizadeh
 
ksqlDB로 실시간 데이터 변환 및 스트림 처리
ksqlDB로 실시간 데이터 변환 및 스트림 처리ksqlDB로 실시간 데이터 변환 및 스트림 처리
ksqlDB로 실시간 데이터 변환 및 스트림 처리
confluent
 
Performance Troubleshooting Using Apache Spark Metrics
Performance Troubleshooting Using Apache Spark MetricsPerformance Troubleshooting Using Apache Spark Metrics
Performance Troubleshooting Using Apache Spark Metrics
Databricks
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource Sharing
Luke Weerasooriya
 
Making Structured Streaming Ready for Production
Making Structured Streaming Ready for ProductionMaking Structured Streaming Ready for Production
Making Structured Streaming Ready for Production
Databricks
 
Apache Spark At Scale in the Cloud
Apache Spark At Scale in the CloudApache Spark At Scale in the Cloud
Apache Spark At Scale in the Cloud
Databricks
 
Care and Feeding of Catalyst Optimizer
Care and Feeding of Catalyst OptimizerCare and Feeding of Catalyst Optimizer
Care and Feeding of Catalyst Optimizer
Databricks
 
Successful DB migrations with Liquibase
 Successful DB migrations with Liquibase Successful DB migrations with Liquibase
Successful DB migrations with Liquibase
Illia Seleznov
 

What's hot (20)

Optimizing Delta/Parquet Data Lakes for Apache Spark
Optimizing Delta/Parquet Data Lakes for Apache SparkOptimizing Delta/Parquet Data Lakes for Apache Spark
Optimizing Delta/Parquet Data Lakes for Apache Spark
 
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
Pipelines and Packages: Introduction to Azure Data Factory (DATA:Scotland 2019)
 
AWS Aurora 운영사례 (by 배은미)
AWS Aurora 운영사례 (by 배은미)AWS Aurora 운영사례 (by 배은미)
AWS Aurora 운영사례 (by 배은미)
 
Building Robust ETL Pipelines with Apache Spark
Building Robust ETL Pipelines with Apache SparkBuilding Robust ETL Pipelines with Apache Spark
Building Robust ETL Pipelines with Apache Spark
 
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
Security DevOps - Staying secure in agile projects // OWASP AppSecEU 2015 - A...
 
Rest api standards and best practices
Rest api standards and best practicesRest api standards and best practices
Rest api standards and best practices
 
(BDT303) Running Spark and Presto on the Netflix Big Data Platform
(BDT303) Running Spark and Presto on the Netflix Big Data Platform(BDT303) Running Spark and Presto on the Netflix Big Data Platform
(BDT303) Running Spark and Presto on the Netflix Big Data Platform
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Log
 
Build Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks StreamingBuild Real-Time Applications with Databricks Streaming
Build Real-Time Applications with Databricks Streaming
 
Web Application Firewall intro
Web Application Firewall introWeb Application Firewall intro
Web Application Firewall intro
 
Informational Referential Integrity Constraints Support in Apache Spark with ...
Informational Referential Integrity Constraints Support in Apache Spark with ...Informational Referential Integrity Constraints Support in Apache Spark with ...
Informational Referential Integrity Constraints Support in Apache Spark with ...
 
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
Designing ETL Pipelines with Structured Streaming and Delta Lake—How to Archi...
 
Session10-PHP Misconfiguration
Session10-PHP MisconfigurationSession10-PHP Misconfiguration
Session10-PHP Misconfiguration
 
ksqlDB로 실시간 데이터 변환 및 스트림 처리
ksqlDB로 실시간 데이터 변환 및 스트림 처리ksqlDB로 실시간 데이터 변환 및 스트림 처리
ksqlDB로 실시간 데이터 변환 및 스트림 처리
 
Performance Troubleshooting Using Apache Spark Metrics
Performance Troubleshooting Using Apache Spark MetricsPerformance Troubleshooting Using Apache Spark Metrics
Performance Troubleshooting Using Apache Spark Metrics
 
Cross Origin Resource Sharing
Cross Origin Resource SharingCross Origin Resource Sharing
Cross Origin Resource Sharing
 
Making Structured Streaming Ready for Production
Making Structured Streaming Ready for ProductionMaking Structured Streaming Ready for Production
Making Structured Streaming Ready for Production
 
Apache Spark At Scale in the Cloud
Apache Spark At Scale in the CloudApache Spark At Scale in the Cloud
Apache Spark At Scale in the Cloud
 
Care and Feeding of Catalyst Optimizer
Care and Feeding of Catalyst OptimizerCare and Feeding of Catalyst Optimizer
Care and Feeding of Catalyst Optimizer
 
Successful DB migrations with Liquibase
 Successful DB migrations with Liquibase Successful DB migrations with Liquibase
Successful DB migrations with Liquibase
 

Similar to Sql database audit

Implementing Auditing in SQL Server
Implementing Auditing in SQL ServerImplementing Auditing in SQL Server
Implementing Auditing in SQL Server
David Dye
 
Rock Solid SQL Server Management
Rock Solid SQL Server ManagementRock Solid SQL Server Management
Rock Solid SQL Server Management
Tony Bain
 
Maria db audit plugin introduction v1.3
Maria db audit plugin introduction v1.3Maria db audit plugin introduction v1.3
Maria db audit plugin introduction v1.3
YUCHENG HU
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
SpanishPASSVC
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
ukdpe
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
Hostway|HOSTING
 
Monitor and tune for performance
Monitor and tune for performanceMonitor and tune for performance
Monitor and tune for performance
Steve Xu
 
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBAKoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
Tobias Koprowski
 
Microsoft SQL Server 2008 R2 - Manageability Presentation
Microsoft SQL Server 2008 R2 - Manageability PresentationMicrosoft SQL Server 2008 R2 - Manageability Presentation
Microsoft SQL Server 2008 R2 - Manageability Presentation
Microsoft Private Cloud
 
DBA, LEVEL III TTLM Monitoring and Administering Database.docx
DBA, LEVEL III TTLM Monitoring and Administering Database.docxDBA, LEVEL III TTLM Monitoring and Administering Database.docx
DBA, LEVEL III TTLM Monitoring and Administering Database.docx
seifusisay06
 
Presentation database security audit vault & database firewall
Presentation   database security audit vault & database firewallPresentation   database security audit vault & database firewall
Presentation database security audit vault & database firewall
xKinAnx
 
SQL Server and System Center Advisor
SQL Server and System Center AdvisorSQL Server and System Center Advisor
SQL Server and System Center Advisor
Eduardo Castro
 
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSCWinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf
 
Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101
IDERA Software
 
Monitor database essentials with Applications Manager
Monitor database essentials with Applications ManagerMonitor database essentials with Applications Manager
Monitor database essentials with Applications Manager
ManageEngine, Zoho Corporation
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
Dilfaroz Khan
 
Be05 introduction to sql azure
Be05   introduction to sql azureBe05   introduction to sql azure
Be05 introduction to sql azure
DotNetCampus
 
Sql Sever Presentation.pptx
Sql Sever Presentation.pptxSql Sever Presentation.pptx
Sql Sever Presentation.pptx
zeeshanahmed213830
 
Whatsnew in-my sql-primary
Whatsnew in-my sql-primaryWhatsnew in-my sql-primary
Whatsnew in-my sql-primary
Kaizenlogcom
 
Sql server-performance-hafi
Sql server-performance-hafiSql server-performance-hafi
Sql server-performance-hafi
zabi-babi
 

Similar to Sql database audit (20)

Implementing Auditing in SQL Server
Implementing Auditing in SQL ServerImplementing Auditing in SQL Server
Implementing Auditing in SQL Server
 
Rock Solid SQL Server Management
Rock Solid SQL Server ManagementRock Solid SQL Server Management
Rock Solid SQL Server Management
 
Maria db audit plugin introduction v1.3
Maria db audit plugin introduction v1.3Maria db audit plugin introduction v1.3
Maria db audit plugin introduction v1.3
 
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
24 HOP edición Español -Diferentes técnicas de administración de logins y usu...
 
SQL Server 2008 Security Overview
SQL Server 2008 Security OverviewSQL Server 2008 Security Overview
SQL Server 2008 Security Overview
 
SQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite ThingsSQL Server 2016: Just a Few of Our DBA's Favorite Things
SQL Server 2016: Just a Few of Our DBA's Favorite Things
 
Monitor and tune for performance
Monitor and tune for performanceMonitor and tune for performance
Monitor and tune for performance
 
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBAKoprowskiT_Session2_SDNEvent_SourceControlForDBA
KoprowskiT_Session2_SDNEvent_SourceControlForDBA
 
Microsoft SQL Server 2008 R2 - Manageability Presentation
Microsoft SQL Server 2008 R2 - Manageability PresentationMicrosoft SQL Server 2008 R2 - Manageability Presentation
Microsoft SQL Server 2008 R2 - Manageability Presentation
 
DBA, LEVEL III TTLM Monitoring and Administering Database.docx
DBA, LEVEL III TTLM Monitoring and Administering Database.docxDBA, LEVEL III TTLM Monitoring and Administering Database.docx
DBA, LEVEL III TTLM Monitoring and Administering Database.docx
 
Presentation database security audit vault & database firewall
Presentation   database security audit vault & database firewallPresentation   database security audit vault & database firewall
Presentation database security audit vault & database firewall
 
SQL Server and System Center Advisor
SQL Server and System Center AdvisorSQL Server and System Center Advisor
SQL Server and System Center Advisor
 
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSCWinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
WinOps Conf 2016 - Ed Wilson - Configuration Management with Azure DSC
 
Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101Geek Sync | SQL Security Principals and Permissions 101
Geek Sync | SQL Security Principals and Permissions 101
 
Monitor database essentials with Applications Manager
Monitor database essentials with Applications ManagerMonitor database essentials with Applications Manager
Monitor database essentials with Applications Manager
 
Sql server basics
Sql server basicsSql server basics
Sql server basics
 
Be05 introduction to sql azure
Be05   introduction to sql azureBe05   introduction to sql azure
Be05 introduction to sql azure
 
Sql Sever Presentation.pptx
Sql Sever Presentation.pptxSql Sever Presentation.pptx
Sql Sever Presentation.pptx
 
Whatsnew in-my sql-primary
Whatsnew in-my sql-primaryWhatsnew in-my sql-primary
Whatsnew in-my sql-primary
 
Sql server-performance-hafi
Sql server-performance-hafiSql server-performance-hafi
Sql server-performance-hafi
 

Recently uploaded

Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 

Recently uploaded (20)

Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 

Sql database audit

  • 1. SQL DATABASE AUDIT
    Auditing an instance of the SQL Server Database Engine or an individual database involves tracking and logging events that occur on the Database Engine. SQL Server audit lets you create server audits, which can contain server audit specifications for server level events, and database audit specifications for database level events.
    There are several levels of auditing for SQL Server, depending on government or standards requirements for your installation.
    You can record server audit action groups per-instance, and either database audit action groups or database audit actions per database. The audit event will occur every time that the auditable action is encountered.
    All editions of SQL Server support server level audits. Database level auditing is limited to Enterprise, Developer, and Evaluation editions.
    http://www.sql-programmers.com/sql-database-audit.aspx
  • 2. WHY DATABASE AUDIT?
      • Enable future accountability for current actions taken in a particular schema, table, row or affecting specific content
      • Deter users from inappropriate actions based on that accountability
      • Investigate suspicious activity
      • Notify an auditor that an unauthorized user is manipulating or deleting data and that the user has more privileges than expected, which can lead to reassessing user authorizations
      • Monitor and gather data about specific database activities
  • 3. OVERVIEW OF SQL AUDIT
    You can use SQL Server Management Studio or Transact-SQL to define an audit. After the audit is created and enabled, the target will receive entries.
    You can read the Windows event logs by using the Event Viewer utility in Windows. For file targets, you can use either the Log File Viewer in SQL Server Management Studio or the fn_get_audit_file function to read the target file.
    The general process for creating and using an audit is as follows.
      1. Create an audit and define the target.
      2. Create either a server audit specification or database audit specification that maps to the audit.
      3. Enable the audit specification.
      4. Enable the audit.
      5. Read the audit events by using the Windows Event Viewer, Log File Viewer, or the fn_get_audit_file function.
  • 4. SQL SERVER AUDIT COMPONENTS
    An audit is the combination of several elements into a single package for a specific group of server actions or database actions. The components of SQL Server audit combine to produce an output that is called an audit, just as a report definition combined with graphics and data elements produces a report.
    SQL Server audit uses Extended Events to help create an audit.
  • 5. SQL DATABASE AUDIT SPECIFICATION
    The Server Audit Specification object belongs to an audit. You can create one server audit specification per audit, because both are created at the SQL Server instance scope.
    The database audit specification collects database-level audit actions raised by the Extended Events feature. You can add either audit action groups or audit events to a database audit specification. Audit events are the atomic actions that can be audited by the SQL Server engine. Audit action groups are predefined groups of actions. Both are at the SQL Server database scope. These actions are sent to the audit, which records them in the target.
    Do not include server-scoped objects, such as the system views, in a user database audit specification.
  • 6. TARGET
    The results of an audit are sent to a target, which can be a file, the Windows Security event log, or the Windows Application event log. Logs must be reviewed and archived periodically to make sure that the target has sufficient space to write additional records.
    When you are saving audit information to a file, to help prevent tampering, you can restrict access to the file location in the following ways:
      • The SQL Server Service Account must have both Read and Write permission.
      • Audit Administrators typically require Read and Write permission. This assumes that the Audit Administrators are Windows accounts for administration of audit files, such as: copying them to different shares, backing them up, and so on.
      • Audit Readers that are authorized to read audit files must have Read permission.
  • 7. DATABASE MIRRORING AND SQL AUDIT
    A database that has a database audit specification defined and that uses database mirroring will include the database audit specification. To work correctly on the mirrored SQL instance, the following items must be configured:
      • The mirror server must have an audit with the same GUID to enable the database audit specification to write audit records. This can be configured by using the command CREATE AUDIT WITH GUID= <GUID from source Server Audit>.
      • For binary file targets, the mirror server service account must have appropriate permissions to the location where the audit trail is being written.
      • For Windows event log targets, the security policy on the computer where the mirror server is located must allow for service account access to the security or application event log.
  • 8. DDL STATEMENTS
    You can use the following DDL statements to create, alter, and drop audit specifications:
      • ALTER AUTHORIZATION
      • ALTER DATABASE AUDIT SPECIFICATION
      • ALTER SERVER AUDIT
      • ALTER SERVER AUDIT SPECIFICATION
      • CREATE DATABASE AUDIT SPECIFICATION
      • CREATE SERVER AUDIT
      • CREATE SERVER AUDIT SPECIFICATION
      • DROP DATABASE AUDIT SPECIFICATION
      • DROP SERVER AUDIT
      • DROP SERVER AUDIT SPECIFICATION
  • 9. DYNAMIC VIEWS AND FUNCTIONS
    The following table lists the dynamic views and functions that you can use for SQL Server Auditing.
    Dynamic views and functions: Description
      • sys.dm_audit_actions: Returns a row for every audit action that can be reported in the audit log and every audit action group that can be configured as part of SQL Server Audit.
      • sys.dm_server_audit_status: Provides information about the current state of the audit.
      • sys.dm_audit_class_type_map: Returns a table that maps the class_type field in the audit log to the class_desc field in sys.dm_audit_actions.
      • fn_get_audit_file: Returns information from an audit file created by a server audit.
  • 10. CATALOG VIEWS AND FUNCTIONS
    The following table lists the catalog views that you can use for SQL Server auditing.
    Catalog views: Description
      • sys.database_audit_specifications: Contains information about the database audit specifications in a SQL Server audit on a server instance.
      • sys.database_audit_specification_details: Contains information about the database audit specifications in a SQL Server audit on a server instance for all databases.
      • sys.server_audits: Contains one row for each SQL Server audit in a server instance.
      • sys.server_audit_specifications: Contains information about the server audit specifications in a SQL Server audit on a server instance.
      • sys.server_audit_specification_details: Contains information about the server audit specification details (actions) in a SQL Server audit on a server instance.
      • sys.server_file_audits: Contains extended information about the file audit type in a SQL Server audit on a server instance.
  • 11. PERMISSIONS
    Each feature and command for SQL Server Audit has individual permission requirements. Unless otherwise specified, viewing catalog views requires a principal to have one of the following:
      • Membership in the sysadmin fixed server role
      • The CONTROL SERVER permission
      • The VIEW SERVER STATE permission
      • The ALTER ANY AUDIT permission
      • The VIEW AUDIT STATE permission (gives the principal access only to the sys.server_audits catalog view)
  • 12. PERMISSIONS – contd…
    Principals in the sysadmin role can tamper with any audit component and those in the db_owner role can tamper with audit specifications in a database. SQL Server Audit will validate that a logon that creates or alters an audit specification has at least the ALTER ANY DATABASE AUDIT permission. However, it does no validation when you attach a database. You should assume all Database Audit Specifications are only as trustworthy as those principals in the sysadmin or db_owner role.
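
The general process from slide 3, written out in Transact-SQL as an added example that is not part of the original slides. The names Audit_Example, AuditSpec_Server_Example, AuditSpec_Db_Example, ExampleDb, dbo.Customers and the path D:\SqlAudit\ are assumed placeholders; the server audit specification on AUDIT_CHANGE_GROUP is included so that changes to audit components by the principals named in slide 12 are themselves recorded.

```sql
-- Added example. All object names and the file path are placeholders.
USE master;
GO
-- Step 1: create the audit and define its target (a file target here).
CREATE SERVER AUDIT Audit_Example
TO FILE (FILEPATH = N'D:\SqlAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 20)
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
-- Step 2a: server audit specification (one per audit) recording every
-- create, alter or drop of an audit or audit specification.
-- Step 3: STATE = ON enables the specification as it is created.
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Server_Example
FOR SERVER AUDIT Audit_Example
ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO
-- Step 2b: database audit specification mapped to the same audit. It mixes
-- individual audit actions on one table with a predefined action group.
USE ExampleDb;
GO
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_Db_Example
FOR SERVER AUDIT Audit_Example
ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Customers BY public),
ADD (DATABASE_PERMISSION_CHANGE_GROUP)
WITH (STATE = ON);
GO
-- Step 4: enable the audit; the target starts receiving entries.
USE master;
GO
ALTER SERVER AUDIT Audit_Example WITH (STATE = ON);
GO
-- Confirm the audit is running and see which file it is writing to.
SELECT name, status_desc, audit_file_path, audit_file_size
FROM sys.dm_server_audit_status;
GO
-- Step 5: read the audit events back from the file target.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_name, schema_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SqlAudit\*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
GO
```

Rows produced by the AUDIT_CHANGE_GROUP specification are the ones to review first when an audit specification is altered or disabled unexpectedly.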