November 10, 2010 at 4:51 am
I have a very simple logon trigger on SQL 2005.
CREATE TRIGGER Tr_ServerLogon
ON ALL SERVER FOR LOGON
AS
BEGIN
INSERT INTO AuditDatabase.dbo.LogonHist
SELECT SYSTEM_USER,USER,@@SPID,GETDATE()
END
GO
A login as Windows Authentication produces one row in the LogonHist table.
However if I log on as a SQL Server Authentication user I get a logon error:
Cannot connect to <my machine name>
Additional information:
Logon failed for login 'test' due to trigger execution.
Changed database context to 'master'.
Changed language setting to us_english. ( Microsoft SQL Server, Error: 17892 )
The sa user works though.... and if I assign sysadmin server role to the test user it also works....
Has anybody encountered this ? :/
November 10, 2010 at 6:03 am
Does the "test" user have permissions on AuditDatabase database?
Pradeep Adiga
Blog: sqldbadiaries.com
Twitter: @pradeepadiga
November 10, 2010 at 6:07 am
This means that "Test" User is unable to execute the Trigger,
Create TRIGGER Tr_ServerLogon
ON ALL SERVER WITH Execute As 'sa' FOR LOGON
AS
BEGIN
INSERT INTO AuditDatabase.dbo.LogonHist
SELECT ORIGINAL_LOGIN(),USER,@@SPID,GETDATE()
END
GO
1. Execute As 'sa' will make sure that Trigger can be executed,
2. Original_Login() will return Original Login Name Used, (Test in Your Case).
Vishal Gajjar
http://SqlAndMe.com
November 10, 2010 at 6:13 am
Ah that´s the case 🙂
I need to add a "WITH EXECUTE as..." clause in the trigger definition
Now it works, thanks 🙂
May 29, 2013 at 10:21 am
can you please explain how is this change handled in sql server ?
May 29, 2013 at 10:24 am
the other option, instead of EXECUTE AS, is to GRANT INSERT ON AuditDatabase.dbo.LogonHist to PUBLIC;
then every user would technically have rights to the table so the trigger can isnert into it.
Lowell
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply