March 23, 2011 at 4:58 am
I'm using SQL Server 2008 cumulative update 7 for sp1 (10.0.2766).
I have server and database level audit specifications in place and they have been working well.
We use mixed server authentication but for the purposes of this question, we can focus on Windows Authentication mode.
I want to add a new audit action for UPDATES to a specific table. The issue I am having is that I don't want to use public as the Principal Name nor do I want to specify individual logins. Rather, I wish to audit on a specific login group, which has been already setup as a login/user for the database in question.
SSMS allows you to create such a scenario using the database audit specification interface. However, when I test this by performing an UPDATE (my individual login is in the login group I'm auditing), I do not see any audit event associated with the operation.
I have stopped and started the audit specification, both at the database and server level.
Am I missing something here?
March 23, 2011 at 2:41 pm
For those of you who are interested, it turns out I was missing something here.
The particular group I was auditing against in this case actually has sysadmin privilges and as a result, was indirectly mapped as database user dbo.
Once I changed the principal name in the audit action name to dbo, I found the event was then being audited. In the audit event, the server principal name showed my domain user account.
Thanks to a colleague for pointing this out to me!
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply