此语句会触发审核事件:
-- Adds the principal BRANCH\NY-Users to the database role db_data in the
-- current database. Database role membership changes are reported under
-- DATABASE_ROLE_MEMBER_CHANGE_GROUP.
-- NOTE(review): sp_addrolemember is a legacy procedure; ALTER ROLE ... ADD MEMBER
-- is the current syntax on SQL Server 2012 and later.
EXEC sp_addrolemember
    @rolename = N'db_data',
    @membername = N'BRANCH\NY-Users';
但是以下语句不会触发任何审核事件:
-- Adds the login BRANCH\MY_APP_User to the fixed server role securityadmin.
-- This is a server role change, reported under SERVER_ROLE_MEMBER_CHANGE_GROUP,
-- not under the database role groups.
-- securityadmin can manage logins and grant server-level permissions, so it
-- should be treated as equivalent to sysadmin when deciding what to audit.
EXEC master..sp_addsrvrolemember
    @loginame = N'BRANCH\MY_APP_User',
    @rolename = N'securityadmin';
我要求DBA在数据库中创建这些审核。
-- Server audit object: the destination that the audit specifications write to.
USE master;
GO

CREATE SERVER AUDIT IT_Security_server_audit
    -- NOTE(review): the Windows Application log can be read and written by any
    -- authenticated user. Where tamper resistance matters, consider
    -- TO SECURITY_LOG or a TO FILE target with restricted permissions.
    TO APPLICATION_LOG
    WITH (
        -- Milliseconds that may elapse before audit actions are forced to be processed.
        QUEUE_DELAY = 1000,
        -- The instance keeps running when audit records cannot be written,
        -- so events can be lost silently; confirm this is acceptable.
        ON_FAILURE = CONTINUE
    );
GO

-- A new audit is created disabled; switch it on.
ALTER SERVER AUDIT IT_Security_server_audit
    WITH (STATE = ON);
GO
-- Server-level audit specification bound to IT_Security_server_audit.
-- Coverage gaps in this list:
--   * SERVER_ROLE_MEMBER_CHANGE_GROUP is absent, so changes to server role
--     membership (for example sp_addsrvrolemember) produce no audit record.
--   * FAILED_LOGIN_GROUP is absent, so failed logins are not recorded.
--     NOTE(review): confirm this is intentional.
CREATE SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
    FOR SERVER AUDIT IT_Security_server_audit
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (AUDIT_CHANGE_GROUP),
    ADD (BACKUP_RESTORE_GROUP),
    ADD (DATABASE_CHANGE_GROUP),
    ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),
    ADD (BROKER_LOGIN_GROUP),
    ADD (DBCC_GROUP),
    ADD (LOGIN_CHANGE_PASSWORD_GROUP),
    ADD (APPLICATION_ROLE_CHANGE_PASSWORD_GROUP),
    ADD (SERVER_PRINCIPAL_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    -- Declared at server level, so it covers database role changes in every database.
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO
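-- Database-level audit specification bound to IT_Security_server_audit.
-- A database audit specification only covers the database it is created in.
-- With the earlier USE master still in effect, this one is created in master.
-- NOTE(review): run it in each user database that needs database-level auditing.
CREATE DATABASE AUDIT SPECIFICATION IT_Security_Database_Audit_Specification
    FOR SERVER AUDIT IT_Security_server_audit
    ADD (AUDIT_CHANGE_GROUP),
    ADD (BACKUP_RESTORE_GROUP),
    ADD (DATABASE_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP),
    ADD (DATABASE_OBJECT_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_PRINCIPAL_CHANGE_GROUP),
    -- Listed once; repeating an action group adds no coverage.
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP),
    ADD (DBCC_GROUP),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP),
    ADD (SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP),
    -- Groups available on SQL Server 2012 and newer.
    ADD (DATABASE_LOGOUT_GROUP),
    ADD (FAILED_DATABASE_AUTHENTICATION_GROUP),
    ADD (USER_DEFINED_AUDIT_GROUP),
    ADD (SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP),
    -- Additional groups.
    ADD (DATABASE_OWNERSHIP_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    -- NOTE(review): LOGIN_CHANGE_PASSWORD_GROUP is documented as a server-level
    -- group; confirm the target version accepts it in a database specification.
    ADD (LOGIN_CHANGE_PASSWORD_GROUP)
    WITH (STATE = ON);
GO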
从审核事件的角度来看,“sp_addrolemember”和“sp_addsrvrolemember”之间有什么区别?我上面创建的审核没有涵盖这两种情况吗?
答案 0 :(得分:0)
我找到原因了!服务器审核规范中缺少 SERVER_ROLE_MEMBER_CHANGE_GROUP。
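-- Adds SERVER_ROLE_MEMBER_CHANGE_GROUP so that changes to server role
-- membership (for example sp_addsrvrolemember) are audited.
-- An enabled audit specification cannot be modified, and this one was created
-- WITH (STATE = ON), so it is switched off, altered, then switched back on.
-- Nothing in this specification is recorded while it is off; keep the window
-- short and check afterwards that the state is ON again.
ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
    WITH (STATE = OFF);
GO

ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
    FOR SERVER AUDIT IT_Security_server_audit
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP);
GO

ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
    WITH (STATE = ON);
GO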