Trusted users are SQL Server logins and members of SQL Server roles that you trust to read, update, or manage an entire server´s databases. The SQL Compliance Manager Agent removes events generated by trusted users from the audit trail before sending the trace file to the Collection Server for processing. This exclusion occurs for all auditing, including DML and SELECT events related to sensitive columns.
By designating trusted users at server level, you can more efficiently audit servers used by third-party applications, such as SAP, that are self-auditing. Self-auditing applications are able to audit activity and transactions initiated by their service accounts. Because service accounts can generate a significant number of login and database change events, omitting these expected events from your audit data trail lets you more easily identify unexpected activity.
If you are auditing privileged user activity and the trusted user is also a privileged user, IDERA SQL Compliance Manager will continue to audit this user because of its elevated privileges. For example, a service account that is a member of the sysadmin fixed SQL Server role will continue to be audited even though the account is designated as trusted. Keep in mind that trusted users are filtered at the database level whereas privileged users are audited at the server level.
To omit, or filter, events generated by specific logins and roles from your audit data trail, click Add, and then select the SQL Server login or role you want to trust.
Trusted Users applied at Server level will automatically be applied to all databases under the selected Server.
When you want to specify multiple accounts as trusted users, consider creating a Windows group that contains only those users. This approach allows you to better manage your trusted users and ensures you do not accidentally trust additional accounts due to unexpected group membership (such as through nested groups). Creating a unique group for trusted users prevents unintended omissions in your audit data.
Add a trusted user or role
Allows you to select which SQL Server logins or roles you want to trust for this server. When a login or role is designated as trusted, the SQL Compliance Manager Agent omits all activity generated by these logins from the audit data trail.
Remove a user or role from the trusted list
Allows you to designate a previously trusted user or SQL Server role as non-trusted. When a login or role becomes non-trusted, SQL Compliance Manager begins auditing the activity generated by this login or role, based on your current audit settings.