DATABASE AUDIT SPECIFICATION ON SPECIFIC USERS

Hi All,
Currently I am using SQL Server 2012 and would like to implement a database audit specification on specific users in my database. These are the users in my database named Payroll:
Payroll\Andy.Bred - db_owner
Payroll\Arpit.Shah - db_owner
Payroll\webapp - db_datareader, db_datawriter, EXECUTE
web_payroll - db_datareader, db_datawriter, EXECUTE
In my database audit specification settings, I would like to capture any SELECT, UPDATE, DELETE and EXECUTE command for users Payroll\Andy.Bred & Payroll\Arpit.Shah only, since they have db_owner access. However, I am unable to capture a single command from both users. I do not want to set 'Principal' to public since I just want to capture both users' activity.
Did I miss anything? Is it because of the Windows login accounts? I hope I can get some advice here. Highly appreciated.
Thanks.
Best Regards,
                 Han

Hi Han,
Are your Windows login accounts members of the SQL Server sysadmin role? If that is the case, the login accounts are indirectly mapped as database user dbo. Please change the principal name in the audit action name to dbo and check if the users' activity is being audited.
There are also similar threads for your reference.
http://www.sqlservercentral.com/Forums/Topic1082578-1526-1.aspx
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/a1df289d-555e-46c3-803a-2ae97af807a3/sql-auditing-database-audit-specification-is-not-logging-events-by-windows-authenticated-user?forum=sqlsecurity
Thanks,
Lydia Zhang
TechNet Community Support
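
An added example, not part of the original posts: one way to apply the suggestion above in T-SQL, auditing the dbo principal and then narrowing the audit file to the two logins when reading it. The audit name PayrollOwnerAudit, the specification name PayrollOwnerActivity and the folder D:\SQLAudit\ are assumptions; the database and login names are the ones from the question.

```sql
-- Added example (not from the thread). Assumed names: PayrollOwnerAudit,
-- PayrollOwnerActivity and D:\SQLAudit\ (the folder must already exist and be
-- writable by the SQL Server service account).

-- 1. Confirm the cause: 1 means the login is a sysadmin member and therefore
--    enters every database as dbo, not as its own database user.
SELECT IS_SRVROLEMEMBER('sysadmin', N'Payroll\Andy.Bred')  AS andy_is_sysadmin,
       IS_SRVROLEMEMBER('sysadmin', N'Payroll\Arpit.Shah') AS arpit_is_sysadmin;
GO

-- 2. Server audit that receives the events.
USE master;
GO
CREATE SERVER AUDIT PayrollOwnerAudit
    TO FILE (FILEPATH = N'D:\SQLAudit\', MAXSIZE = 100 MB, MAX_ROLLOVER_FILES = 10)
    WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT PayrollOwnerAudit WITH (STATE = ON);
GO

-- 3. Database audit specification with dbo as the audited principal.
USE Payroll;
GO
CREATE DATABASE AUDIT SPECIFICATION PayrollOwnerActivity
    FOR SERVER AUDIT PayrollOwnerAudit
    ADD (SELECT, UPDATE, DELETE, EXECUTE ON DATABASE::Payroll BY dbo)
    WITH (STATE = ON);
GO

-- 4. Verify which principal each audited action is bound to.
SELECT s.name AS specification,
       d.audit_action_name,
       d.class_desc,
       p.name AS audited_principal
FROM sys.database_audit_specifications AS s
JOIN sys.database_audit_specification_details AS d
     ON d.database_specification_id = s.database_specification_id
JOIN sys.database_principals AS p
     ON p.principal_id = d.audited_principal_id;
GO

-- 5. Read the audit file. BY dbo records every session that is mapped to dbo,
--    so the filter on server_principal_name is what limits the result to the
--    two logins of interest.
SELECT event_time, action_id, succeeded, server_principal_name,
       database_principal_name, object_name, statement
FROM sys.fn_get_audit_file(N'D:\SQLAudit\PayrollOwnerAudit*.sqlaudit', DEFAULT, DEFAULT)
WHERE database_name = N'Payroll'
  AND server_principal_name IN (N'Payroll\Andy.Bred', N'Payroll\Arpit.Shah')
ORDER BY event_time;
GO
```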

Similar Messages

  • Can we have multiple database audit specification on a single server audit ?

    Hi,
    We are having a 2 node Sql Clustered instance of SqlServer 2008 R2 Enterprise running
    on windows server 2008 R2. We have about 88 databases in the instance.
    Our servers run on Intel Xeon(R) CPU X5670 @2.94 GHz with 6 cores(12 logical processor).
    The servers are having 12GB of RAM.
    We are planning to introduce database level audit to find if there is any activity on
    some of our databases. These databases are not growing in size and there is a request
    from the application team to ascertain whether the endusers are accessing the database
    over a period of time. In this context I have 2 queries-:
    1) Can we have multiple database audit specifications on a single server audit, i.e. can we
    audit multiple databases to find out the user activity on those databases at a time? Or
    should we have a separate server audit for each database audit specification?
    2)We plan to have the target of the audit on a file on the same shared volume(lun) where
    the MDF file and LDF files are located(in EMC storage) and in this context what performance
    monitor counters should we watch to ascertain whether there is any performance degradation
    due to introduction of server audit.
    Thanking you in advance
    Binny Mathew.

    As Audit is at the SQL Server instance level, you can have multiple audits per SQL Server instance.
    http://msdn.microsoft.com/en-us/library/cc280386.aspx
    Database Audit Specification
    The Database Audit Specification object also belongs to a SQL Server audit. You can create one database audit specification per SQL Server database per audit.
    The database audit specification collects database-level audit actions raised by the Extended Events feature. You can add either audit action groups or audit events to a database audit specification. Audit events are
    the atomic actions that can be audited by the SQL Server engine. Audit action groups are predefined groups of actions. Both are at the SQL Server database scope. These actions are sent to the audit, which records
    them in the target. Do not include server-scoped objects, such as the system views, in a user database audit specification.
    Database-level audit action groups and audit actions are described in the topic SQL Server Audit Action Groups and Actions.
    You can also consider using a Profiler trace file to capture the events.
    Best Regards,Uri Dimant SQL Server MVP,
    http://sqlblog.com/blogs/uri_dimant/

  • "Database Audit Specification" not available.

    Hi all, 
    Been asked by one of the developers to audit delete & insert for one night only so I thought to investigate built in auditing via "new
    Database Audit Specification".  I am in the sysadmin role but no  option to add a database audit, the server audit is however available.
    This is SQL 2008R2 enterprise. 
    Any ideas? 
    Thanks

    It is something that should be created at the database level, so you need to navigate to the Database - Security folder.
    There the "New DB Audit Specification" option can be seen.
    Cheers,
    Vaibhav Chaudhari
    [MCP],
    [MCTS], [MCSA-SQL2012]

  • ALTER DATABASE AUDIT SPECIFICATION

    Hi, 
    I've created a database audit in SQL2008R2 and now can't seem to disable/delete it.  I assumed it would be a case of
    1. disable database audit
    2. delete database audit
    3. disable server audit
    4. delete server audit
    However I cannot even do steps 1 and 2. I scripted deletion of the database audit but when I run it from a query window it just runs and runs.  
    USE [Admin]
    GO
    ALTER DATABASE AUDIT SPECIFICATION [DatabaseAuditSpecification-20150420-122643]
    WITH (STATE = OFF)
    GO
    USE [Admin]
    GO
    DROP DATABASE AUDIT SPECIFICATION [DatabaseAuditSpecification-20150420-122643]
    GO
    Now I can't even open/refresh the "Audits" folder at the instance level, getting this error
    "Lock request time out period exceeded. (Microsoft SQL Server, Error: 1222)" 
    I have the option of restarting the instance tonight at 18:30, however I need to be able to audit
    a couple of databases for DELETE/INSERT before this time. 
    Any ideas? 
    Thanks in advance. 

    I suspect that you may need to have exclusive access to the database for a short period of time in order to disable the Database
    Audit Specification.
    Perhaps try switching the database to RESTRICTED_USER in order to perform the audit deletion/disable and then
    reverting back to MULTI_USER
    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/0ef500d6-b902-4c64-88d3-e2871eb98ac8/trouble-while-enabling-database-audit-specification
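
An added example, not part of the original posts: the disable/drop sequence from the question wrapped in the RESTRICTED_USER switch suggested above, with a lock timeout so the session fails fast instead of running indefinitely. The server audit name is not given in the thread, so [YourServerAudit] is a placeholder; using ROLLBACK IMMEDIATE to obtain the quiet window is an assumption.

```sql
-- Added example. Database and specification names are the ones in the question;
-- [YourServerAudit] is a placeholder for the server audit the specification uses.
USE master;
GO

-- See which requests are blocked, and by which session, before changing access.
SELECT r.session_id, r.blocking_session_id, r.wait_type, r.wait_time, r.command
FROM sys.dm_exec_requests AS r
WHERE r.blocking_session_id <> 0;
GO

-- Limit the database to db_owner, dbcreator and sysadmin members.
-- ROLLBACK IMMEDIATE disconnects other users and rolls back their open work,
-- so run it only in an agreed window.
ALTER DATABASE [Admin] SET RESTRICTED_USER WITH ROLLBACK IMMEDIATE;
GO

USE [Admin];
GO
-- Fail with error 1222 after 10 seconds rather than waiting on a lock forever.
SET LOCK_TIMEOUT 10000;
GO

-- Steps 1 and 2: a specification must be disabled before it can be dropped.
ALTER DATABASE AUDIT SPECIFICATION [DatabaseAuditSpecification-20150420-122643]
    WITH (STATE = OFF);
GO
DROP DATABASE AUDIT SPECIFICATION [DatabaseAuditSpecification-20150420-122643];
GO

-- Return the database to normal access.
USE master;
GO
ALTER DATABASE [Admin] SET MULTI_USER;
GO

-- Steps 3 and 4: disable, then drop, the server audit.
ALTER SERVER AUDIT [YourServerAudit] WITH (STATE = OFF);
GO
DROP SERVER AUDIT [YourServerAudit];
GO
```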

  • Auditing Specific user in 9i

    How do we audit the DMLs (all: select, insert, delete & update) on a particular schema and particular table by a user who has the privilege to do them?

    Hi,
    Steps to do audit trail:
    (1) Turn the auditing on: AUDIT_TRAIL = true in init.ora
    (2) Restart the instance if it's running.
    (3) Audit the table:
         AUDIT INSERT, SELECT, DELETE, UPDATE ON TableName
         BY ACCESS WHENEVER SUCCESSFUL;
    (4) Get the desired information using:
         -- HH24:MI:SS formats hours, minutes and seconds (MM is the month element)
         SELECT obj_name, action_name,
                to_char(timestamp, 'dd/mm/yyyy, HH24:MI:SS')
         FROM sys.dba_audit_object;

  • How to find the database details from server audit specification with successful login group?

    Hi,
    We have created a server audit for successful logins. When we read the audit file using
    sys.fn_get_audit_file we find that all the fields related to the databases,
    i.e. database_principal_id, database_principal_name, database_name, are either 0 or null.
    Is there a method to find out which database the login is accessing from the server
    audit specification of the successful login group? Although the logins are reading and writing
    data to the databases, why are there no details of the databases?
    Thanking you in advance,
    Binny Mathew

    Hello Binny,
    The logins are used to connect to the instance and the access to the databases is performed via database users. So, once you connect to the instance via your login, the server level audit takes this action, records it, but without caring to which databases you want to connect after that.
    Unfortunately there is no similar action group on the database audit specifications, that can track which user connected to the DB, except if you are using contained databases in SQL 2012.
    Probably you can share why you need such information and if there is something else specific that you wish to achieve, so we can propose a different solution/audit configuration.
    Regards,
    Ivan
    Ivan Donev MCT and MCSE Data Platform

  • Audit specific objects for specific users

    The audit statement has the option to choose audit by user list.
    Audit object has the option to choose audited objects.
    Now I need to audit specific objects, i.e. user A's tables accessed by a specific group of users, let's say ALL users other than A.
    Is there a simple way to achieve this goal? (Audit A's tables that are accessed by all database users other than A.)
    Thanks!

    Sorry, the link works now. However, there is nothing new in 10G, same as I read from the 9i document. See my highlight below in the quoted document text; my requirement is the combination of them (specific users and specific objects). Thanks anyway.
    <quote>
    Table 8-1 Auditing Types and Descriptions
    Type of Auditing (link to discussion)
         Meaning/Description
    Statement Auditing
         Enables you to audit SQL statements by type of statement, not by the specific schema objects on which they operate. Typically broad, statement auditing audits the use of several types of related actions for each option. For example, AUDIT TABLE tracks several DDL statements regardless of the table on which they are issued. You can also set statement auditing to audit selected users or every user in the database.
    Privilege Auditing
         Enables you to audit the use of powerful system privileges that enable corresponding actions, such as AUDIT CREATE TABLE. Privilege auditing is more focused than statement auditing, which audits only a particular type of action. You can set privilege auditing to audit a selected user or every user in the database.
    Schema Object Auditing
         Enables you to audit specific statements on a particular schema object, such as AUDIT SELECT ON employees. Schema object auditing is very focused, auditing only a single specified type of statement (such as SELECT) on a specified schema object. Schema object auditing always applies to all users of the database.
    Fine-Grained Auditing
         Enables you to audit at the most granular level, data access and actions based on content, using any Boolean measure, such as value > 1,000,000. Enables auditing based on access to or changes in a column.
    </quote>

  • Access to Oracle Database by a specific user from a client system.

    Hi All,
    I need to restrict a particular client system to access the database only by a specific user credentials. I mean system A(hostname) can only connect the database PQR only and only by user U123. Any help is sincerely appreciated.
    Regards
    Swapan

    Hi,
    I solved it by a trigger at logon on V$SESSION which validates MACHINE like [HOSTNAME] and username not like [the_user_I_would_allow].
    It works now.
    Thanks for your reply.
    Regards
    Swapan

  • Limiting file access auditing to specific users

    I'd like to enable file system logging for specific users. Presently, under Advanced Audit Policy Config on the local file server (Win 2k8 R2 Std) I have enabled Audit File Share - but I get every user's activity. I want to limit it to a few users.
    As a test, I have added auditing to the security properties of a specific share, only for specific users, but that does not work if the Audit File Share isn't enabled. And if it is, I get all users' activity. Any way to limit logging to specific users? Thanks.

    Hi Mike,
    Based on my research, there are no system access control lists (SACLs) for shared files/folders, so that once we enable file share auditing, access to all shared files and folders on the system is audited.
    More information for you:
    Audit Detailed File Share
    http://technet.microsoft.com/en-us/library/ee215206(v=WS.10).aspx
    Audit File Share
     http://technet.microsoft.com/en-us/library/dd772690(v=WS.10).aspx
    Detailed File Share Auditing not working properly (Applying to All Files)
    http://social.technet.microsoft.com/Forums/en-US/42618663-61cf-4c05-9659-80c162511cbf/detailed-file-share-auditing-not-working-properly-applying-to-all-files?forum=winservergen
    Best Regards,
    Amy

  • Allocating certain percentage of database resource to specific user

    Hi,
    Is it possible to allocate a certain percentage of database resource to a specific user?
    We are using Oracle 11.2.0.3 on IBM Power Series 7 (AIX operating system) and find that if we have to run the standard ETL during the day, the resources are swallowed up by this user.
    Oracle enterprise with partitioning license.
    It would be good if we could, say, ensure PL/SQL run on another separate schema always had x% of resource?
    Is this possible?
    Thanks

    Hi
    I think you can do it by creating a resource plan and including the user in the corresponding group
    DBMS_RESOURCE_MANAGER.CREATE_PLAN( ...
    Regards,
    Pavel

  • I want to receive all emails a specific user sends and receives

    Hello,
    I am a SysAdmin of a medium-sized company, and for different reasons, I would like to configure/implement what the title says.
    I would like to receive all the emails a specific user sends and receives without him noticing (even the ones he is CC'ed).
    Is this possible? If so, how can I do it?
    Note: we are running Exchange 2010.
    Thanks in advance.

    Note that the CAL requirement is stated clearly in the link I sent:
    Standard journaling: Standard journaling is configured on a mailbox database. It enables the Journaling agent to journal all messages sent to and from mailboxes located on a specific mailbox database. To journal all messages to and from all recipients and senders, you must configure journaling on all mailbox databases on all Mailbox servers in the organization.
    Premium journaling: Premium journaling enables the Journaling agent to perform more granular journaling by using journal rules. Instead of journaling all mailboxes residing on a mailbox database, you can configure journal rules to match your organization's needs by journaling individual recipients or members of distribution groups.
    You must have an Exchange Enterprise client access license (CAL) to use premium journaling.

  • Video Phone only works when specific user initiates connection

    Hi,
    I have an application based on the Cirrus Video phone demo as presented here:
    http://labs.adobe.com/technologies/cirrus/samples/
    In general, this works fine, but for one specific user with whom I test, I have the following issue:
    When I initiate the call, we are paired together by Cirrus, but his video/audio does not transmit to me. He can however see and hear me just fine.
    When he initiates the call, everything works fine.
    I'm concerned that this is an issue re. NAT/Firewall setup on standard home broadband connections, in that UDP is allowed through his firewall when the firewall sees that the connection has been initiated by him.
    I'm a web developer, rather than a Flash developer, and I'm just looking for a few leads so that I can investigate this.
    G

    My application works as follows:
    User1 (me) asks User2 (friend) if they would like to speak via AJAX text chat system
    When User2 confirms that they would like to do this:
    User1 browser loads Flash app
    Flash app connects and obtains session key from cirrus
    Flash app writes that session key to database
    User2 browser loads Flash app
    Flash app checks DB to see if session key exists
    If not, it waits, and check again in 10 secs
    When session key is finally found, Flash app connects to cirrus
    Cirrus now exchanges network data between clients, and P2P connection is established
    Call is placed from User2 to User1
    User1 answers
    Video and audio transmission starts from User1, and is received by User2
    No Video and audio transmission is received by User1 from User2 (text chat over Cirrus is however possible)
    All of this works in the majority of cases with other users, and when the roles are reversed, it also works.
    The only time it doesn't work is when I try to call my friend.
    The behaviour described above can be seen in both my app, and the sample provided by Adobe at:
    http://labs.adobe.com/technologies/cirrus/samples/
    I hear what you are saying about RTMFP, but it really doesn't look like a coding problem, unless that problem also exists in the Adobe demo.

  • How automatically to forward specific user PO, if no action taken in 24hs?

    Hi,
    We are using Oracle 11i with database 10g.
    Let, we have 3 users:
    User : A
    User : B
    User : C
    User : A --- Prepared the PO#123 and sent this to User : B.
    User : B --- He/She does not take any action after 24 hours.
    How can we automatically forward this PO#123 to User : C for final approval?
    Note:
    This case is only related to specific User : B, not for all other approval hierarchy related users.
    Regards
    Edited by: 988461 on Apr 30, 2013 4:24 AM

    Yes, but it's limited:
    Our requirements are:
    Problem:
    PO forwarding automatically to specific approval hierarchy only.
    There are four positions in the hierarchy:
    Person A
    Person B ---- 2 days
    Person C ---- 5 days
    Person D ---- 7 days
    1: Person A creates PO and forwards it to Person B.
    2: Person B has 2 days to Approve/Reject it; if no action is taken then it will be automatically forwarded to Person C.
    3: Person C has 5 days to Approve/Reject it; if no action is taken then it will be automatically forwarded to Person D.
    4: Person D has 7 (week) days to Approve/Reject it; if no action is taken then it will be automatically forwarded to Person Z (top position in hierarchy), that is not in the approval hierarchy.
    Total 14-Days:

  • Brief report of about 2 months for the sqls run under a specific user ?

    Hi,
    Is there a way I can get a brief report of about 2 months for the SQLs run under a specific user in Oracle 11g?
    thanks in advance

    913410 wrote:
    Yes,
    auditing is enabled
    SQL> show parameter audit;
    NAME                                 TYPE        VALUE
    audit_file_dest                      string      /u01/app/oracle/admin/PRCMTDB/
    adump
    audit_sys_operations                 boolean     FALSE
    audit_syslog_level                   string
    audit_trail                          string      DB
    then how to get the information
    above is necessary, but not SUFFICIENT
    default Oracle behavior is that NO specific actions are audited.
    You would have had to manually enable AUDIT for all SQL statement by single user

  • SP to restrict use of specific activity type to specific user

    Hi experts
    I am trying to use SP to reserve some Activity types for use of specific user but am unsuccessful.
    I would be grateful for advice where I am in error?
    --Restrict use of Visit type activity
    IF (@object_type='137' OR @object_type='33') AND @transaction_type IN ('A','U')
    BEGIN
    If Exists (Select T0.ClgCode from OCLG T0 Where T0.DocEntry = @list_of_cols_val_tab_del and (T0.CntctType = 'test' AND T0.AssignedBy != 6)
    BEGIN
    Select @error = -1,
    @error_message = 'Reserved activity type - Please use another type'
    End
    End
    I also try using the following for CntctType:
    'test'
    '11'
    11
    and I also try using the following for AssignedBy;
    6
    'BOB BIRT'
    '6'
    Thanks for any assistance
    Karen
    Message was edited by: Andrew Birt
    I found mistake myself ... eventually.

    This is an example of using AFCSAccount->listRooms() :
        $am = new AFCSAccount($accountURL);
        $am->login($username, $password);
        echo "==== room list for {$accountName} ====\n";
        foreach ($am->listRooms() as $r) {
          echo "{$r->name}:{$r->desc}:{$r->created->format(DATE_RFC822)}\n";
        }
    You would need to look at all rooms where $r->desc == "template name". Currently we don't provide a filter for this but I understand how this would be useful.
    The alternative is that since you are maintaining a database and use it for room creation, you should store the template information there for quick retrieval. Again, the way we store room informations is designed for fast access to specific rooms, but not for querying possibly long list of rooms.
