October 15, 2007 at 6:23 am
We have a database where the system administrators (3) have server permissions as System Admins and Security Admins on the server; this is needed by the application itself. Accordingly the system administrators log on as a particular generic logon to grant users permisions etc.
We have discovered by change that one of them appears to have granted rights to a set of users to two certain views.
Is there any sp which can tell me if either of the other two have done this also ?
:Whistling:
Madame Artois
October 15, 2007 at 6:47 am
Am i reading the question correctly? you are trying to find out if an object has changed owners? or are you trying to audit WHETHER a login has issued the command to change the owner of an object?
other than comparing a backup /reading the transaction log for changes, there is no built in audit that would determine who/when an object's owner was changed, nor is there a log for who issued and commands. Maybe if your database was in c2 audit mode, but i've never tried that yet.
Some of the log reading programs like Lumigent Log Explorer, RedGates' SQL Log Rescue can identify some or all of these changes, but unless you have a full backup prior to the changes, have the database in FULL recovery mode and not simple, then you can only set this up to discover future changes, and not those that already occurred.
Lowell
October 15, 2007 at 7:13 am
Sorry but its neither of those. The three system admins are supposed to use the generic login to grant/revoke user privileges. If one of them logins as themselves then grants/revokes privileges then that system admin login cannot be dropped in the future.
I am looking for a sp or workaround to find out if either of the other two system admins have granted/revoked privileges under their own name rather than the generic user.
We will then have to work out what to do next!
:Whistling:
Madame Artois
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply