Versions Compared

Old Version 3

changes.mady.by.user Unknown User (6092bc7c442457007123ca0f)

Saved on

compared with

New Version Current

changes.mady.by.user Nicolas Rios

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Privileged User Auditing

...

 This tab tab of the Registered SQL Server Properties window allows you to change the audit settings currently applied to privileged users on this SQL Server instance. You can choose to audit event categories and user-defined events. An event category includes related SQL Server events that occur at the server level. A user-defined event is a custom event you create and track using the sp_trace_generateevent stored procedure.

For example, you can audit individual SQL Server logins with privileged access, logins that belong to specific fixed server roles, all activities, or specific activities.

When you update audit settings to audit privileged user activities, these changes are not applied until the SQL trace is refreshed. The SQL trace is refreshed when the SQLcompliance SQL Compliance Manager Agent sends the trace files to the Collection Server. To ensure an immediate application of your new audit settings, click Update Audit Settings Now on the Agent menu.

Image Added

Available actions

 Add 

Allows you to select one or more privileged users to audit. You can select privileged users by login name or by the membership to a fixed server role.

Remove 

Allows you to remove the selected SQL Server login or fixed server role from the list of audited privileged users. When you remove the login or role, the

...

SQL Compliance Manager Agent no longer collects events recorded for that login or the role members.

Note
titleNote

Any Privileged Users added at Server-level are automatically inherited and therefore disabled for selection at the Database Privileged User's settings. 

Available fields

 Privileged users and roles to be audited 

Lists the audited privileged users by login name or fixed server role. If you are auditing privileged users in a fixed server role, the

...

SQL Compliance Manager Agent collects activities executed by all members of the selected role.

Audited Activity 

Allows you to specify which activities (events) you want to audit for the selected privileged users. Select Audit all activities done by privileged users to include everything or select Audit selected activities done by privileged users followed by additional preferences for selective auditing. Available options include:

      • Logins
      • Logouts
      • Failed logins
      • Security changes
      • Administrative actions
      • Database definition (DDL)
      • Database modification (DML)
      • Database SELECT operations
      • User-defined events
      • Filter events based on access check.


Note
titleNote

Audited Activities configured at Server-level auditing are automatically pre-selected and disabled for selection for Privileged Users added at Server-level auditing. Users must edit changes at the Server-level audited activities tab to disable these settings. 


Capture SQL statements for DML and SELECT activityactivities 

Allows you to specify whether you want to collect SQL statements associated with audited database modification (DML) and

...

Select activities. To capture these statements, you must also enable DML or

...

Select auditing.

Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit SQL statements.

Capture transaction status for DML activity Transaction Status for DML Activity

Allows you to specify whether you want to collect the status of all DML transactions that are executed by T-SQL scripts run on your audited database. This setting captures begin, commit, rollback, and savepoint statuses. To capture these statuses, you must enable DML auditing.

Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit transaction status, such as rollbacks

...

.

Capture SQL statements for DDL and Security Changes

Allows you to specify whether you want to collect SQL statements associated with audited database definition (DDL) activities. To capture these statements, you must also enable DDL auditing.

Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit SQL statements.



Scroll pdf ignore
Newtabfooter
aliasIDERA
urlhttp://www.idera.com
 | 
Newtabfooter
aliasProducts
urlhttps://www.idera.com/productssolutions/sqlserver
 
Newtabfooter
aliasPurchase
urlhttps://www.idera.com/buynow/onlinestore
 | 
Newtabfooter
aliasSupport
urlhttps://idera.secure.force.com/
 | 
Newtabfooter
aliasCommunity
urlhttp://community.idera.com
 | 
Newtabfooter
aliasResources
urlhttp://www.idera.com/resourcecentral
 | 
Newtabfooter
aliasAbout Us
urlhttp://www.idera.com/about/aboutus
 
Newtabfooter
aliasLegal
urlhttps://www.idera.com/legal/termsofuse
SQL Compliance Manager audits all activity on your server. Learn more > >

...