Why do some DATABASE_ROLE_MEMBER_CHANGE_GROUP audit events fire while others do not?

Date: 2019-07-26 23:38:10

Tags: sql-server sql-server-2008 sql-server-2012 sql-server-2008-r2

This statement triggers an audit event:

EXEC sp_addrolemember N'db_data', N'BRANCH\NY-Users'

But this statement does not trigger any audit event:

EXEC master..sp_addsrvrolemember @loginame = N'BRANCH\MY_APP_User', @rolename = N'securityadmin' 

I asked the DBA to create these audits in the database.

USE master;
GO
CREATE SERVER AUDIT IT_Security_server_audit
TO APPLICATION_LOG
WITH
( QUEUE_DELAY = 1000
,ON_FAILURE = CONTINUE
)
GO
ALTER SERVER AUDIT IT_Security_server_audit WITH (STATE = ON)
GO
CREATE SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
FOR SERVER AUDIT IT_Security_server_audit
     ADD ( SUCCESSFUL_LOGIN_GROUP )
    ,ADD ( AUDIT_CHANGE_GROUP )
    ,ADD ( BACKUP_RESTORE_GROUP )
    ,ADD ( DATABASE_CHANGE_GROUP )
    ,ADD ( DATABASE_OWNERSHIP_CHANGE_GROUP )
    ,ADD ( BROKER_LOGIN_GROUP)
    ,ADD ( DBCC_GROUP )
    ,ADD ( LOGIN_CHANGE_PASSWORD_GROUP )
    ,ADD ( APPLICATION_ROLE_CHANGE_PASSWORD_GROUP )
    ,ADD (SERVER_PRINCIPAL_CHANGE_GROUP)
    ,ADD (DATABASE_PERMISSION_CHANGE_GROUP)
    ,ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
WITH ( STATE = ON);
GO
--Create the database Audit spec
CREATE DATABASE AUDIT SPECIFICATION  IT_Security_Database_Audit_Specification
FOR SERVER AUDIT IT_Security_server_audit
       ADD ( AUDIT_CHANGE_GROUP )
       ,ADD ( BACKUP_RESTORE_GROUP )
       ,ADD ( DATABASE_CHANGE_GROUP )
       ,ADD ( DATABASE_OBJECT_CHANGE_GROUP )
       ,ADD ( DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP )
       ,ADD ( DATABASE_OBJECT_PERMISSION_CHANGE_GROUP )
       ,ADD ( DATABASE_PRINCIPAL_CHANGE_GROUP )
       ,ADD ( DATABASE_ROLE_MEMBER_CHANGE_GROUP )
       ,ADD ( DBCC_GROUP )
       ,ADD ( SCHEMA_OBJECT_CHANGE_GROUP )
       ,ADD ( SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP )
       ,ADD ( DATABASE_ROLE_MEMBER_CHANGE_GROUP )
       ,ADD ( SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP )
       -- 2012-newer allowed events
       ,ADD ( DATABASE_LOGOUT_GROUP )
       ,ADD ( FAILED_DATABASE_AUTHENTICATION_GROUP )
       ,ADD ( USER_DEFINED_AUDIT_GROUP )
       ,ADD ( SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP )
      -- New GROUPS
       ,ADD ( DATABASE_OWNERSHIP_CHANGE_GROUP )
       ,ADD ( DATABASE_PERMISSION_CHANGE_GROUP )
       ,ADD ( LOGIN_CHANGE_PASSWORD_GROUP )

WITH ( STATE = ON);
go

From an audit-event perspective, what is the difference between "sp_addrolemember" and "sp_addsrvrolemember"? Doesn't the audit I set up above cover both cases?

1 answer:

Answer 0: (score: 0)

I found it! I was missing SERVER_ROLE_MEMBER_CHANGE_GROUP.

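ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification WITH (STATE = OFF); -- a specification must be OFF while it is altered
GO
ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification
FOR SERVER AUDIT IT_Security_server_audit
        ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP);
GO
ALTER SERVER AUDIT SPECIFICATION IT_Security_Server_Audit_Specification WITH (STATE = ON); -- re-enable auditing
GO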
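
One way to find this kind of coverage gap before it is noticed in production, as an added example that is not part of the original question or answer: the queries below use the catalog views sys.dm_audit_actions, sys.server_audit_specifications and sys.server_audit_specification_details, and assume the specification name from the question.

```sql
-- Added example: checks which role-membership audit action groups a server
-- audit specification covers. The specification name is taken from the question.
USE master;
GO

-- 1) Which action group contains ADD MEMBER / DROP MEMBER for each class?
--    Database roles and server roles are separate securable classes, and
--    each class reports its membership changes through its own group.
SELECT a.class_desc,
       a.name AS action_name,
       a.containing_group_name
FROM sys.dm_audit_actions AS a
WHERE a.name IN (N'ADD MEMBER', N'DROP MEMBER')
ORDER BY a.class_desc, a.name;

-- 2) Role-membership groups known to this instance that are NOT enabled in
--    the server audit specification (no rows means nothing is missing).
SELECT DISTINCT a.containing_group_name AS missing_group
FROM sys.dm_audit_actions AS a
WHERE a.name IN (N'ADD MEMBER', N'DROP MEMBER')
  AND a.containing_group_name IS NOT NULL
  AND NOT EXISTS (
        SELECT 1
        FROM sys.server_audit_specifications AS s
        JOIN sys.server_audit_specification_details AS d
          ON d.server_specification_id = s.server_specification_id
        WHERE s.name = N'IT_Security_Server_Audit_Specification'
          AND s.is_state_enabled = 1   -- a disabled specification audits nothing
          AND d.audit_action_name = a.containing_group_name);
```

Running the second query again after any change to the specification confirms that both the database-role and server-role membership groups are covered and that the specification was switched back on.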