Please. I need to find the way to identify a user of the database that erase
a table. Since I can do it ?Hi,
Try to read the Trasnaction log using Loagexplorer (www.lumigent.com) .
Otherway is to enable the profiler.
Thanks
Hari
SQL Server MVP
"BED" <BED@.discussions.microsoft.com> wrote in message
news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
> Please. I need to find the way to identify a user of the database that
> erase
> a table. Since I can do it ?|||Start with the users who have rights to delete tables in that database. If
your security is set up right, that should narrow it down considerably.
"BED" <BED@.discussions.microsoft.com> wrote in message
news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
> Please. I need to find the way to identify a user of the database that
> erase
> a table. Since I can do it ?|||Assuming you are using trusted connections or user-specific SQL logins, your
only chance would be to get a log reading program that allows you read the
transaction log.
Thomas
"BED" <BED@.discussions.microsoft.com> wrote in message
news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
> Please. I need to find the way to identify a user of the database that era
se
> a table. Since I can do it ?|||If you don't know who (or what) deleted the table, then how do you know they
are malicious?
When did this occur? If it happened like less than an hour ago, then perhaps
they are still logged into EM or QA. Go into Enterprise Manager and look
under Managment\Current Activity\Process Info. This lists all current
connections to the server (including login name), and clicking on each
process will show the last SQL batch command they executed.
"BED" <BED@.discussions.microsoft.com> wrote in message
news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
> Please. I need to find the way to identify a user of the database that
erase
> a table. Since I can do it ?|||Thanks, but log I erase.
It is left in some table the registry of drop and the user who did it ?
"Hari Pra" wrote:
> Hi,
> Try to read the Trasnaction log using Loagexplorer (www.lumigent.com) .
> Otherway is to enable the profiler.
> Thanks
> Hari
> SQL Server MVP
>
> "BED" <BED@.discussions.microsoft.com> wrote in message
> news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
>
>|||The answer would be a resounding "No". Barring a custom logging solution, th
e
transaction log is *the* tool which gave you any hope of finding who emptied
your table.
Thomas
"BED" <BED@.discussions.microsoft.com> wrote in message
news:CC2D80A2-F74D-4C42-B765-94F897D9ADC1@.microsoft.com...
> Thanks, but log I erase.
> It is left in some table the registry of drop and the user who did it ?
> "Hari Pra" wrote:
>|||ok. Thank you very much
"Thomas Coleman" wrote:
> The answer would be a resounding "No". Barring a custom logging solution,
the
> transaction log is *the* tool which gave you any hope of finding who empti
ed
> your table.
>
> Thomas
>
> "BED" <BED@.discussions.microsoft.com> wrote in message
> news:CC2D80A2-F74D-4C42-B765-94F897D9ADC1@.microsoft.com...
>
>|||If you can't figure out "who deleted the table" then your security
configuration is pretty wack. Restore from backup and take away the rights
to "delete tables" from users who don't need it (more often than not in a
production environment this will be almost *all* of your users).
"JT" <someone@.microsoft.com> wrote in message
news:eam0HCYXFHA.3716@.TK2MSFTNGP12.phx.gbl...
> If you don't know who (or what) deleted the table, then how do you know
> they
> are malicious?
> When did this occur? If it happened like less than an hour ago, then
> perhaps
> they are still logged into EM or QA. Go into Enterprise Manager and look
> under Managment\Current Activity\Process Info. This lists all current
> connections to the server (including login name), and clicking on each
> process will show the last SQL batch command they executed.
> "BED" <BED@.discussions.microsoft.com> wrote in message
> news:1B5F07B7-A43B-4F7E-80C5-2D86E1D6D947@.microsoft.com...
> erase
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment