How Can I know who has changed anything in SQL?

Hello all,

After such a long time , I would like to post some another blog which might be helpful to the one who works in SQL.

I need to find the one who has changed the tables within my SQL Database that I have created.

For certain reason ,we may need to find /to know who has done any changes within SQL. Such as add view, delete table, modify table, create database, add column, stopped SQL agent job, create new job, modify rules, add roles, new login, and etc.

In order to trace this information and find out my solution, I have researched somewhat and find the solution as.

we can enable and disable the default trace in SQL Server. Meanwhile we can use the default trace enabled option to enable or disable the default trace log files.

If we want to capture the information about who changed the objects in SQL Server. Please try to run the script, which works for me as below:

DECLARE @filename VARCHAR(255) 
SELECT @FileName = SUBSTRING(path, 0, LEN(path)-CHARINDEX('', REVERSE(path))+1) + 'Log.trc'  
FROM sys.traces   
WHERE is_default = 1;  

--Check who dropped and created objects, altered objects
SELECT gt.HostName, 
       gt.ApplicationName, 
       gt.NTUserName, 
       gt.NTDomainName, 
       gt.LoginName, 
       gt.SPID, 
       gt.EventClass, 
       gt.IntegerData, 
       te.Name AS EventName,
       gt.EventSubClass,      
       gt.TEXTData, 
       gt.StartTime, 
       gt.EndTime, 
       gt.ObjectName, 
       gt.DatabaseName, 
       gt.FileName, 
	gt.IsSystem
FROM [fn_trace_gettable](@filename, DEFAULT) gt 
JOIN sys.trace_events te ON gt.EventClass = te.trace_event_id 
where gt.ObjectName ='DimTable' and gt.DatabaseName ='Database'
ORDER BY StartTime;
 --DimTable -replace with the trace table and Database -replace with your DB

I am able to find the one who have changed my tables that I have created.

Also we should have to know that, SQL Server only shows you the IP address of the Terminal Server machine. It has no knowledge about how the user connected to that server. You would have to find the RDP logs and enter them into the database somehow to correlate the information. Which still can be inconclusive if there are more than one user connected through RDP at the same time.

Reference from the link:

http://www.simple-talk.com/sql/performance/the-default-trace-in-sql-server—the-power-of-performance-and-security-auditing/

http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/ef5f82e3-71a6-4e65-989f-5ab7b84bbc82

Is there any alternative solution for this kind of issue .Hope someone have some idea regarding on this.

Hope this post will be useful for all of us in the field of BI mainly SQL.

Regards,

Anil Maharjan

Leave a Reply

Your email address will not be published. Required fields are marked *