Re: Auditing changes...By developers
- From: Sue Hoegemeier <Sue_H@xxxxxxxxxxxxx>
- Date: Mon, 19 Mar 2007 18:36:48 -0600
You can use a server side trace to monitor that login, who
is using it from what workstation and/or what application.
You can monitor with third party products as well. For third
party products and SOX, I've used Compliance Manager from
Idera: http://www.idera.com/Products/SQLcm/Default.aspx
-Sue
On 19 Mar 2007 16:25:28 -0700, "Joseph"
<josephsheppard@xxxxxxxxx> wrote:
What is the best way to go to track changes by developers that are
privy to db usernames and passwords?
Not all application users have domain accounts, so we can't use
trusted connections. Instead, we have a single username that the
application (we only have one) uses to perform its work.
We have auditing at the internal application level...Now we need a way
to determine if any of the four developers are possibly manipulating
data.
I briefly looked at application roles, but considering that you can
run sp_setapprole from the QA, that doesn't seem worthwhile.
How is everyone else doing it? Our auditors assure us it is being
done...
Don't you love SOX?
Thanks!
Joseph
.
- References:
- Auditing changes...By developers
- From: Joseph
- Auditing changes...By developers
- Prev by Date: Re: SQL2005 Linked server authentication problem
- Next by Date: Re: Smo.Database - Set the path of thefiles
- Previous by thread: Auditing changes...By developers
- Next by thread: Re: Auditing changes...By developers
- Index(es):
Relevant Pages
|
