Someone deleted my azure database tables and procedures. Now I want to know from which workstation/ip this has happened. The person used db owner Id.
Azure portal activity logs don't give any details as deletion is done through sql queries.
I know how to see active sessions in sql service, but I want the history of sessions that existed in last 3 days with my database. Please help!
Using the below query can find the history of connection sessions, but it can only show the local client IP address:
SELECT connection_id,
c.client_net_address,
c.session_id,
connect_time,
client_net_address,
client_tcp_port,
host_name,
program_name,
login_name,
row_count
FROM sys.dm_exec_connections c
JOIN sys.dm_exec_sessions s ON s.session_id = c.session_id
You will get the results like this:
Maybe it can help you know from which workstation/ip this delete operation has happened
Hope this helps.
Related
I have very general question, we are a bunch of analytical consultants. We use same server with multiple instances. Is there a way I can track which instance is opened by which desktop user?
Thanks for your time.
This is what I see on my taskManager:
Is there a way I could know the desktop username, who is on which instance. Please let me know the workaround. Thank you so much.
If you are referring to user instances that connect to the same server via RDP,
you can check user session information in Task Manager > User tab.
If you are referring to which process instance is run by which user,
then you can go to Task Manager > Details tab.
You can create a linked server for all of your instances and call a query like this:
SELECT DISTINCT 'INSTANCE 1', loginame, hostname, dbname
from openquery(LINKEDSERVER1,'EXEC sp_who;')
UNION
SELECT DISTINCT 'INSTANCE 2', loginame, hostname, dbname
from openquery(LINKEDSERVER2,'EXEC sp_who;')
For more information about how to create a linked server, please check https://sqlserverplanet.com/dba/how-to-add-a-linked-server
I generated master.dbo.syslogins and sys.sql_logins for the auditors the other day. Today they asked me to explain why the SQL login accounts between the 2 listings did not match.
I'm not really sure how to answer this. My best guess is that there's certain service accounts which do not have SQL server logins and would therefore not show up on master.dbo.syslogins. But then I ran into a problem where there were SQL logins found on master.dbo.syslogins that were not listed on sys.sql_logins.
The documentation available online seems to suggest the same but they still felt it wasn't enough. Has anyone else had to answer a question like this before? How did you guys go about it?
sys.sql_logins does not include Windows logins or certificate-mapped logins. A closer match to the legacy syslogins would be:
select *
from sys.server_principals
where type in ( 'U','S','C')
I believe sp_helplogins would be helpful in your case; it provides information about logins and the users associated with them from each database as a quick reference and without any effort, i.e. joining multiple system tables.
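A reconciliation query for the two listings discussed in this thread, added here as an example and not taken from any of the posts. It matches every row of the legacy view to the catalog views by SID, so each entry missing from sys.sql_logins is shown with its principal type.

```sql
-- Added example: explain, row by row, why master.dbo.syslogins and
-- sys.sql_logins differ. Run on the instance that produced both listings.
SELECT  sl.name                        AS syslogins_name,
        sp.type                        AS principal_type,
        sp.type_desc                   AS principal_type_desc,
        CASE WHEN ql.sid IS NULL
             THEN 'no' ELSE 'yes' END  AS in_sys_sql_logins,
        sp.is_disabled,
        sp.create_date
FROM    master.dbo.syslogins       AS sl
LEFT JOIN sys.server_principals    AS sp ON sp.sid = sl.sid
LEFT JOIN sys.sql_logins           AS ql ON ql.sid = sl.sid
ORDER BY in_sys_sql_logins, principal_type_desc, syslogins_name;
```

Rows with in_sys_sql_logins = 'no' carry a principal_type_desc other than SQL_LOGIN, which is the column to hand to the auditors alongside the two original listings.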
I need to be able to stop Microsoft Office applications from connecting to my SQL database except if the login used is part of a specific AD group.
Only those within said AD group should be able to connect to the database with any Office application. Is this even possible?
SQL Server 2012 Enterprise.
I know they're configured for the whole server, but I'm thinking of creating a trigger. I've created a table that is constantly updated with the AD users and created the below join. What I need is for everyone that is returned by this query to access the database with their desired Office app, and everyone who isn't returned to be rejected.
SELECT A.LOGIN_NAME, A.PROGRAM_NAME, B.LOGIN_NAME
FROM sys.dm_exec_sessions A
JOIN AD_Group_Members B ON A.login_name = B.LOGIN_NAME
WHERE A.session_id = @@SPID
AND A.program_name IN (N'2007 Microsoft Office system', N'Microsoft Office', N'Microsoft Office 2016', N'Microsoft Office 2013', N'Microsoft® Mashup Runtime')
I can't test this because I cannot get my hands on an adequate testing environment :/
So, would this work? Is there a better way of conducting this?
I know how to write the trigger, I'm just looking at getting the meaty bit right as I don't fancy blocking the wrong connections on a production box.
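One way to write the check from the question above as a logon trigger with a log-only mode for a production rollout; this is an added example, not code from the original post. The names AdminDB, SalesDB, logon_trigger_reader and dbo.LogonPolicyLog are hypothetical; AD_Group_Members(LOGIN_NAME) is the lookup table from the post.

```sql
-- Added example. Hypothetical: AdminDB (holds the lookup and log tables),
-- SalesDB (the protected database), logon_trigger_reader (a login with
-- SELECT on AD_Group_Members and INSERT on LogonPolicyLog).
-- Limits: APP_NAME() and HOST_NAME() are values the client sends in its
-- connection string, so this filters well-behaved Office clients and is
-- not an access control. ORIGINAL_DB_NAME() is the database named at
-- connect time (or the login's default), not one switched to later.
USE master;
GO
CREATE TRIGGER trg_restrict_office_logons
ON ALL SERVER
WITH EXECUTE AS 'logon_trigger_reader'
FOR LOGON
AS
BEGIN
    -- 0 = only record what would be rejected; 1 = reject the logon.
    DECLARE @enforce bit = 0;

    IF  ORIGINAL_DB_NAME() = N'SalesDB'
    AND APP_NAME() IN (N'2007 Microsoft Office system',
                       N'Microsoft Office',
                       N'Microsoft Office 2016',
                       N'Microsoft Office 2013',
                       N'Microsoft® Mashup Runtime')
    AND NOT EXISTS (SELECT 1
                    FROM AdminDB.dbo.AD_Group_Members AS m
                    WHERE m.LOGIN_NAME = ORIGINAL_LOGIN())
    BEGIN
        IF @enforce = 1
            ROLLBACK;   -- ends the logon attempt
        ELSE
            INSERT INTO AdminDB.dbo.LogonPolicyLog
                   (login_name, program_name, host_name, seen_at)
            VALUES (ORIGINAL_LOGIN(), APP_NAME(), HOST_NAME(), SYSDATETIME());
    END
END;
GO
```

An error inside a logon trigger (for example a missing lookup table) rejects every new connection, so keep a sysadmin session open while deploying it; the dedicated administrator connection can be used to run DISABLE TRIGGER trg_restrict_office_logons ON ALL SERVER if that happens.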
Does anyone know how to get the "logical server" create time? I'm unable to find this in any Azure cmdlet.
You could get it from Activity log.
Update:
The Activity log is limited to 90 days. Another way: you could find the deployment templates in the Azure Portal.
In SQL, you could use the following SQL query to get creation data.
SELECT name, database_id, create_Date, compatibility_level FROM sys.databases
Please check this link.
I'm using V12 Azure SQL.
To list all logins (server level) we can use this query on master database:
SELECT * FROM sys.sql_logins;
To list all users (database level) we can use this query on a specific database:
SELECT * FROM sys.sysusers;
But how to get the correspondence between logins and users?
Where is the system table that stores this correspondence?
To find the login mapped for a user, look at the sid column from sys.sysusers.
This value corresponds to the sid column from sys.sql_logins in the master database.
Unfortunately, you cannot discover the login name for the SID while connected to the user database. You must connect separately to the master database once you have the sid and query sys.sql_logins to get the name.
When connected to the master DB you can run this query to make a list of the Logins and the Users
select l.name as [login name],u.name as [user name] from sysusers u inner join sys.sql_logins l on u.sid=l.sid
I hope this may work