Auditing changes made to table design (syscolumns table)

From: Sean Aitken (seandotaitken@tekelecdotcom)
Date: 09/10/02 

From: "Sean Aitken" <seandotaitken@tekelecdotcom>
Date: Tue, 10 Sep 2002 14:09:38 -0400

Hello all,
    We recently had a problem arise where a user managed to change the
security settings for a particular ClearQuest table which managed to cause
problems for other certain users. I researched various transaction log
analysis tools, which proved to be a fruitless effort as the only thing that
seemed capable of reasonably searching and filtering the data would cost us
a few hundred dollars. I continued to dig and found the 'undocumented'
"DBCC LOG (...)" command. This seemed promising, except there were 2
variations on the parameters, and using SQL 7 seems to supply me with the
LESS flexible ( dbName, ReportingLevel ) parameters. This was a decent
start I thought. Keep in mind I know the database and the tables I would
like to see transactions against, so already I could eliminate 95% of the
returned data. After running the command with a detail level 2, I was able
to see some slightly useful information, among the 420,000 returned rows. I
ran again with level 3, and it never finished. Managed to build a 1.5 Gig
file in my temp directory (after setting output of Query analyzer to 'file')
The first few rows returned showed dates from 11/01. This seemed futile.
    So, since the action log couldn't be recovered without unnecessary
expendutures, I began to implement a trigger-based audit solution. First
step, I attempted to write a trigger to log when a change was made to the
syscolumns table in that database. This seemed pretty cool, cuz I could
then log the workstation and the user that performed the change. So my
bubble was busted after reading that you can't create triggers against
system tables. Back to the drawing board. I then considered the profiler,
which was not really an option since it has to intercept and look for
certain criteria against every transaction. (this would include extended
stored proc to do the same)
    So, as I sit scratching my brain, can anyone help me find an easy way to
capture who makes changes to table structures, or any other system table for
that matter.

Any help is GREATLY appreciated!

Sean Aitken
Tekelec
Morrisville, NC

(Please reply to the news group, as I have been unable to find postings with
a viable solution thats geared toward my specific problem, and I'm sure
others could benefit)

Relevant Pages

  • Re: SQL 7 vs. 2000 issue -trigger and nulls
    ... >We're having trouble with a trigger updating some tables. ... course be locked by the current transaction, ... locking data and updating rows when the COMMIT inside the trigger is ... I seriously hope that SQL Server 7.0 simply disregarded these two ...
    (microsoft.public.sqlserver.mseq)
  • Re: Auditing changes made to table design (syscolumns table)
    ... With out using profiler the only way I know of is to get this info from the ... Keep in mind I know the database and the tables I would ... I attempted to write a trigger to log when a change was made to the ... > certain criteria against every transaction. ...
    (microsoft.public.sqlserver.security)
  • Re: Transaction log and trigger
    ... You would have to "recover" the database to re-create the trigger. ... and then apply transaction log which was backed up for the next hour(by this ...
    (microsoft.public.sqlserver.server)
  • After delete Trigger on Transaction
    ... Please Advise ..After delete Trigger on Transaction ... WHERE code = (SELECT account FROM INSERTED) ... So i open journalDetail table and delete record one by one the after ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Alternative to Transactional Replication
    ... Basically the insert is wrapped in a transaction when you fire a trigger. ... Looking for a SQL Server replication book? ... with various WAN links. ...
    (microsoft.public.sqlserver.replication)