SQL Server 2008 auditing user identity issue RRS feed

  • Question

  • We are researching the possibility to use SQL Server 2008 auditing to audit user activities in a large ERP application. In our application, all users access  SQL Server database with the same underlying SQL Server user. One of key requirement is to track who made the change. However, when you create any SQL Server 2008 database audit specification, you can't specify application user as principal. And the user recorded in the audit trail is a SQL Server user. This is not useful from the application's point of view, because the audit trail loses the application user's identity.

      Other DBMS does have feature to address requirement like above. So I wonder if there is a way to configure the SQL Server so that it records the application user's identity in the audit trail other than the database user's.

      Thank you very much!
    Thursday, February 25, 2010 9:48 AM


  • schnell,

    You won't be able to use link SQL Server auditing activity to your application user directly because end-users don't really issue statements against SQL Server, but your ERP application does.
    I would imagine your end-users can't connect to your database by any other means but ERP application itself. "Large ERP" application" should have built-in auditing capability (for instance, SAP ERP) which is sufficient enough to track changes.
    There are some 3rd party auditing solutions that claim to map database activity to application users, but I've had no experience working with those.

    Thursday, February 25, 2010 7:05 PM