Get Audit data at column level

  • We have SQL Server 2012 Enterprise Edition. We want to use the Audit feature to track down users that are retrieving sensitive data and log them in a file or SQL table. Specifically, we want to track users selecting sensitive columns such as SSN (social security number) or Tax ID from certain tables. So, if I have a table called Member and one of the column is SSN, how can I use Audit feature to track users that have (use SELECT statement) selected SSN column as part of their query and if this query does contain the SSN column, write the query out and username to the log file or table.

    I did some research on the Audit feature, it does provide audit at table level, that is, you can capture the SELECT statement and write it to a file, but it does not give the granularity if a particular column is in that query (as I mentioned in above paragraph). Perhaps, SQL Server Audit does provide that granularity, so I would like to ask you if you have implemented the feature I asked above and share with us - if you will.

    Thanks a lot,

    Jimmy

  • Quick thought, how about using Extended Events and capture OPEN SYMMETRIC KEY, surely those columns are encrypted?

    😎

  • I tested extended events and it works the way I want. But is there a way to incorporate it into SQL Server Auddit so that I can enforce it as a policy and not a separate thing.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply