December 14, 2015 at 3:43 pm
Sergiy (12/14/2015)
ScottPletcher (12/14/2015)
1) I wouldn't advise writing that type of info into error logs.
Why?
What do you think the Application Event Log is for?
For Application Events. Stored proc parameters are not events, of course.
SQL DBA,SQL Server MVP(07, 08, 09) "It's a dog-eat-dog world, and I'm wearing Milk-Bone underwear." "Norm", on "Cheers". Also from "Cheers", from "Carla": "You need to know 3 things about Tortelli men: Tortelli men draw women like flies; Tortelli men treat women like flies; Tortelli men's brains are in their flies".
December 14, 2015 at 3:44 pm
Sergiy (12/14/2015)
ScottPletcher (12/14/2015)
hopefully your normal app logins don't have that high a level.
On a test host?
They should have the same level of permission in a test environment that they do in production, otherwise you haven't tested security, right?
December 14, 2015 at 5:28 pm
ScottPletcher (12/14/2015)
For Application Events. Stored proc parameters are not events, of course.
Starting a procedure is quite an event for the application.
And supplied parameters are part of the description of that event.
Perfect fit.
_____________
Code for TallyGenerator
December 14, 2015 at 5:34 pm
ScottPletcher (12/14/2015)
They should have the same level of permission in a test environment that they do in production, otherwise you haven't tested security, right?
Do developers really have the same level of access to test servers as to Prod ones in your environment?
How do they do testing then?
And you do not need to break a security model to record an event into the log. There is a special permission for that.
December 14, 2015 at 8:04 pm
Sergiy (12/14/2015)
ScottPletcher (12/14/2015)
They should have the same level of permission in a test environment that they do in production, otherwise you haven't tested security, right?
Do developers really have the same level of access to test servers as to Prod ones in your environment?
How do they do testing then?
And you do not need to break a security model to record an event into the log. There is a special permission for that.
ALTER TRACE isn't a permission any account used by an application reasonably needs.
And developers doing QA testing should be working through application interfaces, otherwise their chance of false positives goes way up. Separate logins for test execution and test-case verification is a common approach.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
December 15, 2015 at 8:26 am
Sergiy (12/14/2015)
ScottPletcher (12/14/2015)
They should have the same level of permission in a test environment that they do in production, otherwise you haven't tested security, right?
Do developers really have the same level of access to test servers as to Prod ones in your environment?
How do they do testing then?
And you do not need to break a security model to record an event into the log. There is a special permission for that.
Developers do. But the login under which the application runs does NOT. Otherwise, you don't have valid testing because it doesn't include security.
Your shop may run production procedures under individual developers' logins, but we certainly do not. And no place I've ever worked has, except perhaps on initial app launch while still in the "shake out" phase.