SQL Server 中审计权限更改的登录触发器

Cha*_*kya 4 sql-server t-sql sql-server-2012

在我的办公室，有人更改了用户对生产数据库的权限。因此我决定写一个 DDL 触发器来审计权限更改。我已经用谷歌搜索过，但没有找到合适的解决方案。你们能推荐几个链接或示例代码吗？

我想捕获谁更改了权限以及何时更改了权限。

提前致谢。

Yun*_*NIK 5

看看下面这个示例：

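-- Server-scoped DDL trigger: fires on database-level security DDL
-- (GRANT / DENY / REVOKE, CREATE/ALTER/DROP USER, ROLE, SCHEMA, ...)
-- and mails a summary of who ran which statement, and when.
-- Server-level changes (ALTER LOGIN, ALTER SERVER ROLE, GRANT on server
-- securables) are not in this event group; add DDL_SERVER_SECURITY_EVENTS
-- to the FOR list if those must be audited as well.
CREATE TRIGGER DDL_AUDIT_Logins ON ALL SERVER
FOR DDL_DATABASE_SECURITY_EVENTS AS

SET NOCOUNT ON;

-- NOTE: a table variable lives only for this one execution of the trigger,
-- so the row inserted below is discarded when the trigger ends. For a durable
-- "who changed what, and when" record, INSERT the same columns into a
-- permanent audit table (e.g. master.dbo.<AuditTableName> -- placeholder,
-- create it beforehand) instead of this variable.
DECLARE @EventsTable TABLE (
    EType NVARCHAR(max)
    ,EObject VARCHAR(100)
    ,EDate DATETIME
    ,EUser VARCHAR(100)
    ,ECommand NVARCHAR(max)
    );
-- Read the event XML once; each EVENTDATA().value() call would re-parse it.
DECLARE @EventData XML = EVENTDATA();
DECLARE @EType NVARCHAR(max);
DECLARE @DBName VARCHAR(100);
DECLARE @Subject VARCHAR(200);
DECLARE @EObject VARCHAR(100);
DECLARE @EObjectType VARCHAR(100);
DECLARE @EMessage NVARCHAR(max);
DECLARE @ETSQL NVARCHAR(max);
-- One timestamp shared by the audit row and the mail body.
DECLARE @EventAt DATETIME = GETDATE();

SELECT @EType = @EventData.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(max)')
    ,@EObject = @EventData.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(max)')
    ,@EObjectType = @EventData.value('(/EVENT_INSTANCE/ObjectType)[1]', 'nvarchar(max)')
    ,@DBName = @EventData.value('(/EVENT_INSTANCE/DatabaseName)[1]', 'nvarchar(max)')
    ,@ETSQL = @EventData.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)');

INSERT INTO @EventsTable (EType, EObject, EDate, EUser, ECommand)
VALUES (@EType, @EObject, @EventAt, SUSER_SNAME(), @ETSQL);

-- CONCAT treats NULL as '' (SQL Server 2012+); with '+' a single NULL part
-- (e.g. an event without ObjectName) would make the whole message NULL and
-- the alert would go out empty. ORIGINAL_LOGIN() is recorded next to
-- SUSER_SNAME() because the latter reports the impersonated login while
-- EXECUTE AS is in effect. CONVERT style 121 gives an unambiguous,
-- locale-independent timestamp.
SET @EMessage = CONCAT(
    'Login_Event: ', @EType, CHAR(10)
    ,'Event Occured at: ', CONVERT(VARCHAR(23), @EventAt, 121), CHAR(10)
    ,'Database: ', @DBName, CHAR(10)
    ,'Changed Login: ', @EObject, CHAR(10)
    ,'Object type: ', @EObjectType, CHAR(10)
    ,'Changed by: ', SUSER_SNAME(), CHAR(10)
    ,'Original login: ', ORIGINAL_LOGIN(), CHAR(10)
    ,'Executed T-SQL: ', @ETSQL);

SELECT @Subject = 'SQL Server Login changed on ' + @@servername;

-- The trigger runs inside the DDL statement's own transaction: if
-- sp_send_dbmail raises (Database Mail not configured, unknown profile),
-- the GRANT/REVOKE itself is rolled back. sp_send_dbmail only queues the
-- message; delivery happens asynchronously.
-- Body format is TEXT: CHAR(10) line breaks are collapsed by HTML renderers,
-- which made the previous 'HTML' body show as a single line.
EXEC msdb.dbo.sp_send_dbmail @recipients = 'DDL_Alert@companydomain.com'
    ,@body = @EMessage
    ,@subject = @Subject
    ,@body_format = 'TEXT';

SET NOCOUNT OFF;
GO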

结果:
