SQL 2012 :: Efficient Way To Monitor User Access To Database
Apr 22, 2014
Currently there are various teams accessing the database. For costing reasons, we need to track usage.Is there an efficient way to monitor User access to the database.Can we track which user has executed which query(SELECT,insert etc),the login time and such parammeters?
I would like to know if there is a way to find out who changed a users roles/access WITHOUT using the audit function. For example, if a user account was created and given SA access then changed to read only, how can I find out who made that change? I tried searching for an answer, but kept getting no results. I'm thinking this may tie into the sys.sysusers view?
I have to create a query that will be returning the users and the application modules they have access for. Along with the list of users and modules the query should also return if any module is not accessible for that user.
The 'ApplicationUsers' table is like this:
CREATE TABLE #ApplicationUsers ( userId INT, UserName VARCHAR(50) ) INSERT INTO #ApplicationUsers VALUES (1, 'Daniel'), (2,'Martin'), (3, 'Brandon'), (4, 'Doug')The 'ApplicationModule' table is like this:
[Code] .....
I used pivot query but there are a couple of limitations in it(may be I am making mistakes in it). First, the pivot columns are static whereas I need dynamic column names(Application Modules). Second, I need to include all the users with all the modules with access or without access that I am unable to achieve.
An SSIS task imports data from a flat file and inserts the data into a staging table. The staging table holds the data in its raw form. A second process then selects the data from the staging table, looking up the foreign key id's for raw data values, and then inserts the data into the live table.
SQL - Only key columns shown for clarity -- Staging Table CREATE TABLE Staging (Information VARCHAR(10), MachineName VARCHAR(10), Status VARCHAR(10))
[code]...
The insert into the live table should look up the id for machine 1, and the id of status success and insert the foreign key values into the live table for the row.There could be 1000's of rows for the output of machine 1 all with different status's - (all pre set in the Status table, i.e success, failure, rerun) and the same for lots of other machines held in the machine table.
What is the best to insert this data all in one go, rather than reading each row of the staging table one by one, looking up the foreign key values depending on the machine and status values, then inserting the data.
I was thinking along the lines of:
INSERT INTO dbo.LiveTable (Information, MachineID, StatusId) SELECT Staging.Information, dbo.Machine.MachineId, dbo.Status.StatusId FROM dbo.Staging JOIN Machine ON Machine.MachineName = Staging.MachineName JOIN STATUS ON Status.Status = Staging.Status But I notice the problem with this is, it doubles up the inserts!
I have been struggling with this one for awhile now.I have a domain group which only must view the steps and history of all agent jobs.I have added the group to the sqlagentreadergroup.I have created a new role and denied this role,add job,update job,delete job etc execute permissions.But the user still can change ,delete or create a new job.
All the groups and users in th new role,does not have sysadmin rights.
we have sql 2012 enterprise version
What else can i try.I need this for audit purposes.
Below query tells us if guest user is enabled or disabled in a particular database
SELECT dp.name, CASE perms.class WHEN 0 THEN 'Yes' ELSE 'No' END AS 'Enabled' FROM sys.database_principals dp LEFT JOIN (SELECT grantee_principal_id, class FROM sys.database_permissions WHERE class = 0 AND type = 'CO' AND state = 'G') AS perms ON dp.principal_id = perms.grantee_principal_id WHERE dp.name = 'guest';
Do we have a query which can also add the database name to above query output? The output must have columns with data against Name,Enabled,Database name
I have two databases DB1 and DB2 DB1 has a source table named 'Source' I have created a login 'Test_user' in DB2 with Public access. I have also created a view named 'Test_view' in DB2 which references data from DB1.dbo.Source
When I try to give a login access to a database I get the message: Error 21002: [SQL-DMO] users already exist in the database. I checked sysusers for the database and the users name is in there, even if the user has no login. Is it okay to just delete the record that has the users name from sysusers? Thanks
Downloaded and install SQL 2005 on 2003 member server. Downloaded and ran SQLServerSamples.msi, AdventureWorksBI.msi, AdventureWorksDB.msi, and AdventureWorksLT.msi.
When I go into Sql Server Management Studio I cannot find the Adventure Works database under databases. How do I access it?
My question is regarding SQL Server database security. I want to create a login using SQL Server Authentication and assign it db_owner rights for my database. So far so good. But the critical part is that I want to give exclusive rights for my database to this user only i.e. no other users (dbo, guest etc) should be allowed to access my database.
It will be good to present here the scenario which I need to implement. I am running an ASP.NET application that uses SQL server 2005 db at back end. The database server might have other databases as well but I don't want the administrator (either SQL server admin or the server administrator) to be able to get access to my database or even view the schema. I don't want any other user except my own user to be able to detach the database or perform backup or restore operations.
Please help.... I have designed an application that uses sql server 2005 express database. This application was intended to be installed and used on a local desktop machine. However, now this application needs to be also installed on several computers and still needs to use only 1 database. Part of the database saves local user settings, so what I have done thus far is use two connection strings: one for local database (because the application may be used as origionally intended) and one for remote database that everyone should be able to connect to.
When I remotely connect to the database, it works fine. However, it seems to be locked so when I chose the same database for another user I get the error message "This File Is In Use." I need to know how to unlock it and make it usable for several users at the same time.
Thank you for your help! Please let me know if you need more information or if something is unclear in my description.
I have inherited a new SQL Server 2008 database server and can not figure out how my user databases are being backed up. This database server is running under a VM.
All the user databases are being backed up nightly per the SQL server log. The backups are written to a virtual disk and is kicked off by the NT AUTHORITYSYSTEM user. I can not see the virtual disk. A restore task does not provide any information about the last backup. I have created a new database, and it is automatically included in the next set of backups.
I have looked at the windows event viewer with out any luck. There are no SQL Server Maintenance Plans or Agent jobs that call a backup. I have also checked the Windows Task Scheduler and can not find any task that does a backup.Could the backups be called from another server ?
I would like to remove an index from my database, but I need to verifythat it is not being accessed before I do that.I tried running Profiler, but it doesn't seem to be giving me theinformation I need. I put in a filter for ObjectName, but it seems tobe ignoring it - i get several entries in the profile trace, but novalue in the ObjectName column.Is there an easy way to monitor for object access?Thanks so much!SQL Servef 2000 SP4(I also have 2005, SP2, if there's a better way to do this with 2005)
I am newbie to SQL.I need to create an application will run on server, and of course will be installed by using admin user. I can use the install user to access to database on that server?
Hi friends, I have created a database DB1 using CREATE DATABASE DB1 command. Then i created login name using CREATE LOGIN login1 WITH PASSWORD = 'password1' command and created user name using CREATE USER user1 FOR LOGIN login1 command. Now i have to assign the user1 to the database DB1. Any one please tell me how to assign DB1 access privilege to user1?
How do I create a user that has full access to a database using only SQL statements?
I've create very basic database called "sampledb".
Then I've done:
CREATE LOGIN sampleuser WITH PASSWORD = '123sampleuser', DEFAULT_DATABASE = sampledb; USE sampledb; CREATE sampleuser FOR LOGIN sampleuser WITH DEFAULT_SCHEMA = 'db_owner';
Then I logon to SQL server express 2005 management studio using this user, first of all I do not see the sampledb database listed under "databases" even though it is selected in the "available databases" toolbar (how do I list it there? Because going through "attach..." tells me I do not have the privileges to browse for the database to attach).
I then open up a new query (sampledb is selected), and type (products is one of the table in sampledb): select * from products;
And I get:
Msg 229, Level 14, State 5, Line 1
The SELECT permission was denied on the object 'Products', database 'sampledb', schema 'dbo'.
Shouldn't the chosen schema (db_owner) give me the right to do this? And how do I fix this from the query window (without going through the GUI, just using SQL statements)? And how do I list sampledb under the databases when I log in as this user?
I am using SQL Server Express Edition 2005 as a backend database working with Visual Basic 2005.
I am using Vista and having two users to access to my computer. User-1 and User-2.
I created a database in User-1 and works fine Visual Basic 2005.
Now the problem is when i login to my computer system with User-2. I cannot able to access the database with encountering error like "User-1/SQLExpress". I know that i cannot able to access to database which was created in User-1.
Do you any solution to this problem. when i login with user-1 and user-2 it should able to access database.
I want to know how efficient are cross database selects such as
select column from data.dbo.table;
The reason I'm inquiring is because I want to design a database whereas I'm tightly coupling the tables in several databases that are all referencing each other in some way shape or form.
If it is not too efficient or if you know of a way to make these cross database selects more efficient please offer the suggestion.
if db_id(@DbName) = Null begin Print 'DataBase dose not Exist' end else
Begin Declare @spId Varchar(1000)
DECLARE TmpCursor CURSOR FOR Select 'master..xp_CmdShell ''Net Send ' + rtrim(convert(Varchar(50), HostName))+' "Dear ' + upper(max(rtrim(loginame)))+ space(1) + @Msg + '"''' as spId from master..SysProcesses where db_Name(dbID) = @DbName and spId <> @@SpId and rtrim(ltrim(HostName)) <> '' and HostName <> host_Name() and dbID <> 0 and spId > 50 group by HostName
I have a SSIS package that copies data from one database, into another, makes a backup, and then FTP's up the backup to a web server. In Sql Server I've made a job to run the package and a Stored procedure to activate the job from an Access database front-end.
Can anyone tell me how I might return a success/failure message to my access user?
Are there ways in SQL server to deny connecting to a instance? Basically i am looking for a way where data is accessed only through application , even the DBA's shouldn't have access to the data though they are sysadmins? Someone told me this is possible in SQL 2014? This is only for individual access, i know i can put some encryption in app layer.
I know i could use Process explorer to find processes which are accessing a drive or a folder, i need exact same thing to be recorded/monitored. Basically i need list of all processes accessing a drive/folder.
When I try to open Activity Monitor from SSMS I receive the message "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) (mscorlib)". - more details below.
I have a SQL Server 2012 Enterprise SP1 installed in an Active/Passive cluster configuration on Windows 2008 R2 Enterprise SP1. The problem happens using sa and a domain administrator.
------- more details ------- Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) (mscorlib) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize()
Please forgive the simplicity of this question - I am not the dba type. When I connect to a server and look at my connection attributes in activity monitor, the user column shows the correct information for my domainusername. When I run a certain stored procedure in that connection, the domainusername changes to another person. We are not using execute as, setuser, or anything special to explicitly change the user. The stored procedure is in a schema that is owned by dbo (principal_id = 1 - I verified by checking sys.database_principals.)
I have a SSIS package set up that will transfer a file from a location on the network drive and transfer it over FTP to another location.
When I manually run the package, the file is transfer with no errors. But when the job is automated (via Job Activity Monitor) the transfer fails?
I have set the ProtectionLevel of the package to "EncryptSensitiveWithUserKey" and also converted the package to a Development Model. The settings for the FTP is saved within the package.
What am I missing? below is the error message
Executed as user: UHBInfoSQLAgent. Microsoft (R) SQL Server Execute Package Utility Version 11.0.5058.0 for 32-bit Copyright (C) Microsoft Corporation. All rights reserved. Started: 08:43:02 Error: 2014-10-13 08:43:03.72 Code: 0xC001405F Source: ResearchWebsite
We have killed a job which is now in KILLEDROLL BACK state. Job activity monitor is not showing any running jobs but I can see the SPID of that job. When tried to kill again its giving the message ‘command completed successfully‘, not able to get the percentage or time for the roll back to complete.
Another DBA tried to create a snapshot and it was stuck and I believe it was because of this ROLLBACK as both were using same Database.
I'm trying to grant a user group select access to all the views in a database. I already made a query which creates a result set whit the SQL Syntax I (displayed below) need but it seems to be impossible to get this result set executed after creation.
use [AdventureWorksDW2008R2] SELECT 'GRANT SELECT ON [' + SCHEMA_NAME(Schema_id) + '].[' + name + '] TO [DOMAINGROUP]' FROM sys.views;
How do I grant a user permissions to only one table in a database. How would it affect him using our Main App which is NAV with regards to his user's permission in NAV