Billy Pang
tuxedo_man at hotmail.com
Thu Dec 9 11:32:05 CST 2004
How about server side traces? The hostname data column can give name of client machine. Not sure if it fits your needs because it can only write to physical file. Billy >From: "Mackin, Christopher" <CMackin at quiznos.com> >Reply-To: dba-sqlserver at databaseadvisors.com >To: <dba-sqlserver at databaseadvisors.com> >Subject: RE: [dba-SQLServer] Who's using my db? >Date: Thu, 9 Dec 2004 09:04:21 -0700 > >Well my data is sensitive, but not life altering, and I don't want to even >begin to try to explain the details of the how's and why's of why it is the >way it is, but it's going to be that way for the forseeable future. > >I was specifically looking for EM and QA connections to the database, but >there may be nothing on the BE that can facilitate that, I will investigate >various traces and see if anything in there helps. Will post the info if I >find anything worthwhile. > >-Chris > >-----Original Message----- >From: dba-sqlserver-bounces at databaseadvisors.com >[mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of Jim >Lawrence (AccessD) >Sent: Thursday, December 09, 2004 8:55 AM >To: dba-sqlserver at databaseadvisors.com >Subject: RE: [dba-SQLServer] Who's using my db? > > >There is a data that is a lot more sensitive than HR information. The >government has pools of data such as 'Search Warrants', 'On going >Investigation' (local, regional and international), 'Criminal record >searchable data', 'Judge Rotation Data', 'Gang investigations', 'Privy >Consul seconds' etc... > >Much of this type of data is not accessible by even senior staff... How >would techs be chosen to manage such information? > >Jim > >-----Original Message----- >From: dba-sqlserver-bounces at databaseadvisors.com >[mailto:dba-sqlserver-bounces at databaseadvisors.com]On Behalf Of Elam, >Debbie >Sent: Thursday, December 09, 2004 5:37 AM >To: 'dba-sqlserver at databaseadvisors.com' >Subject: RE: [dba-SQLServer] Who's using my db? > > >I have encountered this too. I had to put together a temporary repository >for HR data once. The HR people carefully gave me fake data at first to >test so there would be no privacy violations. I told them their diligence >was admirable, but useless. I could not administer the system without >having access to the data in it anyway. To make it even worse, I had only >recently been hired after one of the shortest hiring cycles ever seen. >(Told the job existed and had an interview scheduled the next morning, >hired >that afternoon) This company keeps the payroll computer off of the LAN for >just this reason though. > >Debbie > >-----Original Message----- >From: Mark Breen [mailto:mark.breen at gmail.com] >Sent: Thursday, December 09, 2004 1:39 AM >To: dba-sqlserver at databaseadvisors.com >Subject: Re: [dba-SQLServer] Who's using my db? > > >Hello Jim, > >If I understand Christopher correctly (and sorry to all if I do not), >he is talking about a sys admin person going in using EM or SQL >Analyser and reading raw tables. Of course this person has rights to >do anything on the SQL server (from a technical perspective) but >morally they do not have rights to read the data. > >This raises a whole other question: Companies employ senior managers >to look after highly confidential issues, such as HR or other >sensitive and then they employ young guys and gals to be sys admins, >paid Euro 25k per annun and the young guy or gal had rights to the >entire network. This is wrong, but what are the alternatives? > >Some young guy comes in off the street, joins the IT department to >just install PCs and has access to confidential data. More rights >that senior managers in the company. My gripe is not with the >unfairness to the senior manager, what I am concerned with it that the >industry seems to have overlooked this front door access that we give >to this select group of employees without concern to normal security >issues. > >What do you all think > > > > >On Wed, 08 Dec 2004 18:10:10 -0800, Jim Lawrence (AccessD) ><accessd at shaw.ca> wrote: > > Hi Christopher: > > > > Is it not possible to have the data on the SQL only accessed through SPs >or > > views. In each of these SPs there would be a function call that would >write > > a record of it's access to a transaction log table. This technique is >done > > through all POS systems to track the users, access dates, times and any > > changes made to the invoice records. > > > > It all depends on your permissions on the BE. > > > > Jim > > > > > > > > > -----Original Message----- > > > From: Mackin, Christopher [mailto:CMackin at quiznos.com] > > > Sent: Tuesday, December 07, 2004 10:57 AM > > > To: dba-sqlserver at databaseadvisors.com > > > Subject: [dba-SQLServer] Who's using my db? > > > > > > Does anyone have any suggestions on how to track/view a log of users > > > that have accessed information on the Server and specifically at the > > > Database level? > > > > > > There are users authorized to view a particular db with confidential > > > information, and I need to verify that no other users are accessing >this > > > data. In this situation it's rather complex because security keeps >out > > > the majority of people, but there are certain people with the sa > > > password and admin rights on the server that should not be looking > > > either. > > > > > > Thanks in advance, > > > Chris Mackin > > > > _______________________________________________ > > dba-SQLServer mailing list > > dba-SQLServer at databaseadvisors.com > > http://databaseadvisors.com/mailman/listinfo/dba-sqlserver > > http://www.databaseadvisors.com > > > > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com >- JENKENS & GILCHRIST E-MAIL NOTICE - This transmission may be: (1) subject >to the Attorney-Client Privilege, (2) an attorney work product, or (3) >strictly confidential. If you are not the intended recipient of this >message, you may not disclose, print, copy or disseminate this information. >If you have received this in error, please reply and notify the sender >(only) and delete the message. Unauthorized interception of this e-mail is >a >violation of federal criminal law. >This communication does not reflect an intention by the sender or the >sender's client or principal to conduct a transaction or make any agreement >by electronic means. Nothing contained in this message or in any >attachment >shall satisfy the requirements for a writing, and nothing contained herein >shall constitute a contract or electronic signature under the Electronic >Signatures in Global and National Commerce Act, any version of the Uniform >Electronic Transactions Act or any other statute governing electronic >transactions. >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com > >_______________________________________________ >dba-SQLServer mailing list >dba-SQLServer at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-sqlserver >http://www.databaseadvisors.com >