Any way to create a SQL Server DDL trigger for “SELECT” statements?

太阳男子 2020-12-03 18:34

I am dealing with some sensitive Accounting tables and I would like to audit any SELECT statement executed on the table or any views associated with them.

6 answers
  •  难免孤独
    2020-12-03 19:06

    You have 3 options:

    • allow access via stored procedures if you want to log (and remove table rights)
    • hide the table behind a view if you want to restrict and keep "direct" access
    • run a permanent trace

    I'd go for options 1 or 2 because they are part of your application and self contained.

    Although, this does sound a bit late to start logging: access to the table should have been restricted up front.

    Also, any solution fails if end users do not connect directly (e.g. via web server or service account). Unless you use stored procs to send in the end user name...

    View example:

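    CREATE VIEW dbo.MyTableMask
    AS
    -- Rows come back only when the caller's login is listed in SecurityList;
    -- otherwise the derived table is empty and the CROSS JOIN yields nothing.
    SELECT T.*
    FROM
        MyTable AS T
        CROSS JOIN
        -- T-SQL requires an alias on the derived table and a name on its column
        (SELECT 1 AS Allowed FROM SecurityList WHERE name = SUSER_SNAME()) AS S
    --WHERE could use NOT EXISTS too with table
    GO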
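
Option 1 from the answer above (access through a stored procedure that logs, with table rights removed), as an added example that is not part of the original answer. Every object name other than `MyTable` is hypothetical, and it assumes the procedure and both tables are owned by `dbo` so that ownership chaining applies.

```sql
-- Hypothetical names: dbo.MyTableAccessLog, dbo.MyTable_Read, AccountingReaders.
-- dbo.MyTable stands for the sensitive table from the view example.
CREATE TABLE dbo.MyTableAccessLog
(
    LogId       bigint IDENTITY(1,1) PRIMARY KEY,
    AccessedAt  datetime2(3)  NOT NULL DEFAULT SYSUTCDATETIME(),
    LoginName   sysname       NOT NULL,  -- login that opened the connection
    EndUserName nvarchar(256) NULL,      -- passed in by the application tier
    HostName    nvarchar(128) NULL,      -- client-supplied, treat as a hint only
    AppName     nvarchar(128) NULL       -- client-supplied, treat as a hint only
);
GO

CREATE PROCEDURE dbo.MyTable_Read
    @EndUserName nvarchar(256) = NULL    -- needed when callers share a service account
AS
BEGIN
    SET NOCOUNT ON;
    -- With XACT_ABORT ON a failed audit insert terminates the batch,
    -- so no rows are returned without a log entry.
    SET XACT_ABORT ON;

    INSERT INTO dbo.MyTableAccessLog (LoginName, EndUserName, HostName, AppName)
    VALUES (ORIGINAL_LOGIN(), @EndUserName, HOST_NAME(), APP_NAME());

    -- Replace * with the explicit column list the callers actually need.
    SELECT * FROM dbo.MyTable;
END;
GO

CREATE ROLE AccountingReaders;
GO

-- Callers may only execute the procedure. Ownership chaining lets the
-- procedure read dbo.MyTable and write the log without table permissions.
GRANT EXECUTE ON OBJECT::dbo.MyTable_Read TO AccountingReaders;

-- DENY also overrides SELECT granted through any other role membership.
DENY SELECT ON OBJECT::dbo.MyTable TO AccountingReaders;

-- Readers must not be able to read or alter their own audit trail.
DENY SELECT, INSERT, UPDATE, DELETE
    ON OBJECT::dbo.MyTableAccessLog TO AccountingReaders;
GO
```

If the caller runs the procedure inside its own transaction and rolls back, the audit row is rolled back with it.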
    
