Stored procedure changes not noticed by migrator - sql-server

Another team in my company is using an unknown-to-me migrator tool.
When I edit a stored procedure in SSMS (ALTER PROCEDURE xyz...), the migrator notices the change, and they push a button to send it on to Test and Prod.
However, if I use a custom C# app to connect to the SQL Server and run the same ALTER, the procedure is changed, but the migrator refuses to see the change. So the workflow stops.
I even changed my app to drop and recreate the procedure from scratch, and the migrator still doesn't see the change.
sys.objects clearly has fresh dates in create_date and modify_date.
Any idea what this migrator might be using behind the scenes that might be causing my grief?

The ways the tool might detect changes are an SSMS add-in, DDL trigger, or server-side trace. With the last 2 methods, SSMS-only changes might be filtered by examining the application name.
Try specifying application name "Microsoft SQL Server Management Studio" in your SqlClient connection string. That should work if schema changes are captured by a filtered DDL trigger or trace.
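The kind of capture this answer suspects, sketched as a DDL trigger (an added example, not the migrator's code, which is unknown; `dbo.SchemaChangeLog` and `trg_LogSchemaChange` are hypothetical names). The application name is whatever the client puts in its connection string, so a capture that filters on it misses changes from other clients; storing `APP_NAME()` as a column keeps every change and still shows where it came from.

```sql
-- Added example; dbo.SchemaChangeLog and trg_LogSchemaChange are hypothetical names.
CREATE TABLE dbo.SchemaChangeLog (
    LogId       int IDENTITY(1,1) PRIMARY KEY,
    PostTime    datetime      NOT NULL,
    LoginName   nvarchar(128) NOT NULL,
    AppName     nvarchar(128) NULL,  -- set by the client's connection string
    HostName    nvarchar(128) NULL,  -- also reported by the client
    EventType   nvarchar(64)  NOT NULL,
    SchemaName  nvarchar(128) NULL,
    ObjectName  nvarchar(128) NULL,
    CommandText nvarchar(max) NULL
);
GO

CREATE TRIGGER trg_LogSchemaChange ON DATABASE
FOR CREATE_PROCEDURE, ALTER_PROCEDURE, DROP_PROCEDURE
AS
BEGIN
    SET NOCOUNT ON;

    -- A capture that filters like this records only changes made from SSMS and
    -- skips the same ALTER sent by any other client, which would produce the
    -- symptom described in the question:
    --   IF APP_NAME() NOT LIKE 'Microsoft SQL Server Management Studio%' RETURN;
    -- Here the application name is stored as a column and nothing is filtered.

    DECLARE @e xml;
    SET @e = EVENTDATA();

    INSERT INTO dbo.SchemaChangeLog
        (PostTime, LoginName, AppName, HostName,
         EventType, SchemaName, ObjectName, CommandText)
    SELECT
        @e.value('(/EVENT_INSTANCE/PostTime)[1]',   'datetime'),
        @e.value('(/EVENT_INSTANCE/LoginName)[1]',  'nvarchar(128)'),
        APP_NAME(),
        HOST_NAME(),
        @e.value('(/EVENT_INSTANCE/EventType)[1]',  'nvarchar(64)'),
        @e.value('(/EVENT_INSTANCE/SchemaName)[1]', 'nvarchar(128)'),
        @e.value('(/EVENT_INSTANCE/ObjectName)[1]', 'nvarchar(128)'),
        @e.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)');
END;
GO
```

The trigger runs with the caller's permissions, so every principal allowed to change procedures also needs INSERT on the log table; if the insert fails, the DDL statement is rolled back with it.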

Related

Where is the SQL Server Database Trigger Wizard or Dialog Box?

This question is about SQL Server
In the past, I have created a stored procedure that was run on a timely basis by (if I remember correctly) a database trigger. As I recall, there was a wizard (dialog box with "NEXT" buttons) that I used to set things up to have the stored procedure run automatically. That was some time ago. Now when I search for database trigger information online, I find only information about -- creating triggers for when a table is updated or modified. Maybe I am using the wrong terminology and what I am looking for is not a "trigger" at all.
A trigger is not what you are looking for.
You need to find SQL Server Agent in SQL Server Management Studio, create a new job, add a step, select the database and use the command EXEC yourSpName to run the stored procedure.
Then in the schedule you can set when you want to run it.

Security Audit (CRUD) - Microsoft Access

My client has been using Microsoft Access 2010 for quite a while and they received some Security Audit Requirements. They are using a Linked Tables approach connecting to Microsoft SQL Server 2012 Express.
The requirements state that all actions against the data must be logged (INSERT, UPDATE, DELETE and SELECT statements).
For the INSERT, UPDATE, DELETE statements I could create a trigger which would log the changes.
The issue is around the audit of SELECT statements. If the data was read-only, I could have used a Stored Procedure which would have logged the query. But executing a Stored Proc makes a Recordset not updatable.
Does anyone have an idea how to approach this challenge?
I'm open to a lot of strategies... (Connecting Access to SQL through a web service, anything...)
It's important to note that my client does not have $30k to spend on an Enterprise edition of SQL Server as they are a small business with fewer than 10 employees.
SELECT statements are part of the database-level audit action groups in SQL Server. (Search that page for "database-level audit actions".) But that level of auditing requires SQL Server Enterprise edition.
Theoretically, you can limit all access to use only stored procedures regardless of whether the data is read-only. Write the stored procedure to write auditing information to the log first, then do whatever else needs to be done--SELECT, INSERT, etc.
Practically, you might not be able to do that. It depends on the applications that hit your database. Limiting all access to use only stored procedures can break applications that expect other things. (How would a Ruby on Rails application respond if you switched to just stored procedures?)
A bulletproof audit system that makes your database unusable isn't very good; it's simpler and cheaper to just shut down the database server altogether.
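The log-first procedure this answer describes, as an added example that is not part of the original post. All object names (`dbo.Customer`, `dbo.ReadAudit`, `dbo.usp_GetCustomer`, the role `app_users`) are hypothetical, and the `@AppUser` parameter is an assumption for applications that connect under one shared SQL login.

```sql
-- Added example; every object name below is hypothetical.
CREATE TABLE dbo.Customer (
    CustomerId int PRIMARY KEY,
    Name       nvarchar(100) NOT NULL,
    Email      nvarchar(200) NULL
);
CREATE TABLE dbo.ReadAudit (
    AuditId    bigint IDENTITY(1,1) PRIMARY KEY,
    ReadAt     datetime      NOT NULL DEFAULT (GETUTCDATE()),
    SqlLogin   nvarchar(128) NOT NULL DEFAULT (ORIGINAL_LOGIN()),
    AppUser    nvarchar(128) NOT NULL,  -- application-level user, passed by the caller
    ObjectRead nvarchar(128) NOT NULL,
    KeyRead    int           NOT NULL   -- which record was actually returned
);
GO

CREATE PROCEDURE dbo.usp_GetCustomer
    @CustomerId int,
    @AppUser    nvarchar(128)
AS
BEGIN
    SET NOCOUNT ON;

    -- Write the audit row first, so no row is returned without a log entry.
    INSERT INTO dbo.ReadAudit (AppUser, ObjectRead, KeyRead)
    VALUES (@AppUser, N'dbo.Customer', @CustomerId);

    -- Return exactly one record, so the log says what was looked at.
    SELECT CustomerId, Name, Email
    FROM   dbo.Customer
    WHERE  CustomerId = @CustomerId;
END;
GO

-- Callers may only execute the procedure. Ownership chaining (same owner for
-- procedure and tables) lets the procedure itself read and write the tables.
CREATE ROLE app_users;
GRANT EXECUTE ON dbo.usp_GetCustomer TO app_users;
DENY SELECT ON dbo.Customer TO app_users;
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.ReadAudit TO app_users;
```

`@AppUser` is only as trustworthy as the application that supplies it; `SqlLogin` is filled in by the server.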
You could upgrade to a SQL Server edition that supports SQL Server profiler.
The other option is to get other tools to audit like sql audit for example.
You could turn on JET showplan. This would log all queries used by Access.
http://www.techrepublic.com/article/use-microsoft-jets-showplan-to-write-more-efficient-queries/?siu-container
As I pointed out in comments, you are really fooling the audit requirements UNLESS each form is opened using a where clause that limits the viewing of data in that form to the ONE record. If you don’t do this, then a form opened to a linked table could have 1000’s of records, and user(s) hitting ctrl-f to find and jump to one record means the SELECT statement tells you ZERO about what the user actually looked at. So while you can turn on show plan, the audit concept would not tell you anything about what the user actually looked at unless application design changes are made to restrict forms to one record. And to be fair, 99% of my applications in fact do open and restrict the main editing form to the one record via a where clause.
So while you can, technology-wise, log all SELECT commands as per above, it is not really in the spirit of such a log, since such a log would not be of any use to determine what actual records the user looked at.

How to audit SQL Server 2008 queries through WCF Services?

I want to save any kind of log/tables with every query executed by my application.
I know I could do this by coding it (before I make any query, I insert a new row in a log table with the query and the user who is executing it).
I have read it can be done automatically but I'm not sure how can it work with WCF Services. I mean every query is going to be executed by the same SQL user and this wouldn't be very useful for audit operations (I need to know WHO made every query, and users will be validated against my own users tables).
Have you ever had a similar scenario? Thanks in advance!
As a starting point it may be worth looking into doing this via SQL Server Profiler. You can normally find this in the Tools Menu in Management Studio.
You can set up a trace to capture all SQL run on a server. More importantly you have a myriad of filter options which can be applied so that you only capture the data you are interested in (e.g. DatabaseName, UserName).
This information can be stored directly in a SQL table, which should give you the ability to join onto it. Of course running anything like this will result in some overhead on the SQL box.
You can try the SQL Server Audit feature. It audits single events or groups of events at both server and database level. However, be advised that database-level auditing is available in SQL Server Enterprise and Developer editions only.

regarding sql server transaction log

If someone deletes any object from my database, like a table, view, SP, etc., then how can I get details such as who deleted it and when from the transaction log? Is it possible? Please tell me an easy way to read the transaction log so that I can get those details properly.
Thanks
No, the transaction log was created for different purposes. There are some products from different vendors which try to get information from the transaction log, but it is not the right way.
who delete and when delete
If you need this information, you need to create triggers on the table for delete or update and collect this information.
If you use MS SQL 2008 you can use the Change Data Capture feature.
Apparently you could use a third-party product such as Apex SQL Log, although personally I have not used it.
Depending on how recently the incident occurred, you may also be able to extract the information you require from the built-in reports in SQL Server 2005, such as the Schema Changes History Report. This information is accessible to you by means of the Default Trace. See using the Default Trace for details.
What you really need to take away from your incident is to use the lesson to devise a schema audit strategy for your environment. There are plenty of articles on the internet that detail how this can be achieved using triggers. For example, see Using DDL Triggers in SQL Server 2005 to Capture Schema Changes.
You can restore the database (without overwriting it!) from a full backup / transaction log backup and then copy the deleted objects from there. It's good practice to save the source code for your stored procedures, views and tables outside the database, usually in a source control system, so you don't have to restore database backup to get them.
You can use either DDL triggers or The SQL Server Audit feature
DDL triggers fire on CREATE, ALTER, DROP, and operations related to database object security settings (e.g. GRANT, DENY…)
In the following example, a DDL trigger tracks the CREATE, ALTER, and DROP operations executed on database tables, stored procedures, functions, and views. The trigger example uses a previously created repository table (DDL_Events_by_DDL_TRIGGER) with appropriate rows
CREATE TRIGGER DDL_TRIGGER ON DATABASE
FOR CREATE_TABLE, ALTER_TABLE, DROP_TABLE,
    CREATE_PROCEDURE, ALTER_PROCEDURE, DROP_PROCEDURE,
    CREATE_FUNCTION, ALTER_FUNCTION, DROP_FUNCTION,
    CREATE_VIEW, ALTER_VIEW, DROP_VIEW
AS
-- EVENTDATA() returns the XML description of the DDL event that fired the trigger
DECLARE @event xml;
SET @event = EVENTDATA();
-- One row per event: when, who, database, schema, object, object type, statement text
INSERT INTO DDL_Events_by_DDL_TRIGGER
VALUES
(
    REPLACE(CONVERT(varchar(58), @event.query('data(/EVENT_INSTANCE/PostTime)')), 'T', ' '),
    CONVERT(varchar(185), @event.query('data(/EVENT_INSTANCE/LoginName)')),
    CONVERT(varchar(185), @event.query('data(/EVENT_INSTANCE/DatabaseName)')),
    CONVERT(varchar(185), @event.query('data(/EVENT_INSTANCE/SchemaName)')),
    CONVERT(varchar(185), @event.query('data(/EVENT_INSTANCE/ObjectName)')),
    CONVERT(varchar(185), @event.query('data(/EVENT_INSTANCE/ObjectType)')),
    CONVERT(varchar(max), @event.query('data(/EVENT_INSTANCE/TSQLCommand/CommandText)'))
);
The repository table will contain (as specified in the trigger) DDL operations on the database schema, along with information about who, when, and what was altered
Another native method that can be used to determine whether a SQL Server database has been altered is the SQL Server Audit feature. The feature was introduced in SQL Server 2008 and it collects both server and database level actions raised by the SQL Server Extended Events feature. However, the database level action groups are available in SQL Server Enterprise and Developer editions only

SQL Server 2005 Change Auditing

Is there a built in way in SQL Server 2005 to audit things specifically like deleting a stored procedure? Is there a history table that I can query? We have a mystery sproc that has disappeared a few times now.
You can build this using DDL triggers:
http://msdn.microsoft.com/en-us/library/ms190989.aspx
Only if you use DDL triggers or use profiler to trace text "%DROP%PROC%procname%"
Note that in SQL Server 2008 they also now have AUDIT to replace Profiler Traces for auditing activities. It is similar but has its own configuration UI and UI to view results.
You can setup a profiler trace to capture the Audit Schema Object Management event and filter based on the database name you care about. Any time an object in the schema is created, dropped, edited it will fire an event in profiler that includes the person who did the change and the name of the stored procedure.
You will want at least these profiler columns:
ApplicationName - name of app user was running when they made change
DatabaseName - Database containing the object changed
EventSubClass - Type of action shows Alter, Modify, Drop, Create etc
LoginName - user making change
ObjectName - object affected
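For the "history table I can query" the question asks about: the default trace, which the Schema Changes History answer earlier on this page points to, already records object create, alter and drop events with the columns listed above. The query below is an added example, not from any of the posts; it assumes the default trace is still enabled and is run in the affected database.

```sql
-- Added example: who created, altered or dropped stored procedures,
-- according to the default trace files still retained on the server.
DECLARE @path nvarchar(260);

SELECT @path = path
FROM   sys.traces
WHERE  is_default = 1;

IF @path IS NULL
BEGIN
    RAISERROR ('The default trace is not enabled on this instance.', 16, 1);
    RETURN;
END;

-- sys.traces points at the current file (log_<n>.trc). Reading log.trc from
-- the same folder makes fn_trace_gettable walk all retained rollover files.
SET @path = LEFT(@path, LEN(@path) - CHARINDEX('\', REVERSE(@path))) + '\log.trc';

SELECT  t.StartTime,
        te.name AS EventName,
        t.LoginName,
        t.ApplicationName,   -- reported by the client
        t.HostName,          -- reported by the client
        t.DatabaseName,
        t.ObjectName
FROM    sys.fn_trace_gettable(@path, DEFAULT) AS t
JOIN    sys.trace_events AS te
        ON te.trace_event_id = t.EventClass
WHERE   t.EventClass IN (46, 47, 164)  -- Object:Created, Object:Deleted, Object:Altered
  AND   t.EventSubClass = 0            -- logged as Begin and Commit; keep one row per change
  AND   t.ObjectType = 8272            -- stored procedure
  AND   t.DatabaseName = DB_NAME()
ORDER BY t.StartTime DESC;
```

The default trace keeps only a small set of rollover files, so older changes age out; a DDL trigger or a dedicated trace is still needed for a durable record.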
[late one but adds details on how to see who made the change even before auditing system is put into place]
Others have already covered different ways you can start auditing data in order to monitor future changes but if you originally didn’t have any auditing system in place then it’s very difficult to find out who did what and when historically.
Only option is to try reading transaction log assuming database is in full recovery mode. Problem is that this is not supported by default. Options are:
Third party tools such as ApexSQL Log or Quest Toad
Undocumented functions such as DBCC LOG or fn_dblog
See these topics for more details:
How to view transaction log in SQL Server 2008
SQL Server Transaction Log Explorer/Analyzer
How to see query history in SQL Server Management Studio
I agree. It can be the SQL Server profiler with filters. The DDL triggers existed in SQL Server.
You could create something like this:
CREATE TRIGGER ddl_drop_procedure
ON DATABASE
FOR DROP_PROCEDURE
AS
RAISERROR ('You deleted a stored procedure',10, 1)
GO
The other option is to use third party tools like Auto Audit from codeplex, or apexSQL trigger.
