SQL Server 2008 更改数据捕获,谁进行了更改?
大约一周前,我在 SOF 上问了一个关于审计 SQL 数据更改的问题。 关于使用触发器的常见内容出现了,还提到了 SQL Server 2008 中的 CDC。
我今天一直在尝试它,到目前为止一切都很好,我看不到它支持的一件事是跟踪谁真正做出了改变。 谁执行了该声明?
我很想知道是否有人使用 CDC 进行审核以及您如何跟踪谁进行了更改?
I asked a question on SOF a week or so ago about auditing SQL data changes. The usual stuff about using triggers came up, there was also the mention of CDC in SQL Server 2008.
I've been trying it out today and so far so good, the one thing I can't see it supports is keeping a track of who actually made the change. Who executed the statement?
I'm interested to know if anyone has used CDC for auditing and how you kept track of who made the change?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
我直接使用以下命令更改了 CDC 表:
ALTER TABLE cdc.dbo_MyTable_CT ADD UserName nvarchar(50) NULL DEFAULT(SUSER_SNAME())
顺便说一句,您不需要日期信息,因为它已经在开始和结束 LSN 字段中。
我唯一的问题是我的用户通过 Windows 组登录,这允许他们修改权限,但用户名字段始终是我的用户名,而不是他们的。 我还没有找到解决这个问题的方法。
I altered the CDC table directly using:
ALTER TABLE cdc.dbo_MyTable_CT ADD UserName nvarchar(50) NULL DEFAULT(SUSER_SNAME())
BTW you don't need the date info since it's already in the start and end LSN fields.
My only problem is that my users login via a Windows Group which allows them modify rights, but the UserName field is always my username and not theirs. I haven't found a way around this problem.
更改数据捕获不会跟踪进行更改的用户、计算机或更改时间。
跟踪使用 CDC 进行更改的用户的最佳解决方案是创建一个新字段来存储用户详细信息,该字段将在每次更改时更新(发现这个想法 此处)。
同系列中的另一篇文章引导我找到了一个提供开箱即用解决方案的第三方工具。 我仍在评估过程中,但到目前为止看起来相当不错。 您可以在 这个续集。
希望这可以帮助。
Change Data Capture doesn’t track the user, machine who made the change, or time of change.
The best solution to track users who made the change with CDC is to create a new field to store users details, which will be updated on each change (found that idea here).
Another article in the same series lead me to a third party tool offering an out-of-the-box solution. I’m still in evaluating process, but it looks quite good so far. You can see the comparison of tracked information in a handy table at the end of this sequel.
Hope this helps.
CDC 实际上并不是为审计而设计的。 如果您正在寻找审核功能,则应该使用SQL Server Audit。
CDC really isn't designed for auditing. If you're looking for auditing capabilities, you should be using SQL Server Audit.
埃德蒙多先生,我认为疾病预防控制中心还没有准备好迎接黄金时段。 目前,从启用了 CDC 的 Visual Studio 部署数据库项目(它不喜欢 DDL 更改)似乎存在相当大的困难。 此外,CDC 似乎有一个内置的数据生命周期终止清理过程,因此,如果您确实打算长期维护审核历史记录,这对您来说可能会很糟糕。
另外,如果我误解了,请纠正我,但似乎 SQL Audit 适合审计 SQL Server 中发生的大量事件,例如登录失败、DDL 更改等。
更改跟踪仅适用于 DDL 而不是 DML,所以你在那里运气不好。
如果您的目的确实是捕获从表中更新或删除的“旧”记录,那么最好的答案似乎仍然是在 dbo.TableName 上创建 Audit.TableName 和 update+delete 触发器。 还要确保 TableName 包含 CreatedBy DEFAULT SUSER、CreatedDate DEFAULT getdate()、ModifiedBy、ModifiedDate 列。
MrEdmundo, CDC is not ready for prime-time in my opinion. There currently seems to be quite a bit of struggle in regards to deploying a database project from Visual Studio with CDC enabled (it doesn't like DDL changes). Additionally, it seems that CDC has a built-in data end-of-life cleanup proc, so this may be bad times for you if you really mean to maintain your audit history for a long time.
Also, correct me if I've misunderstood, but it seems SQL Audit is geared for auditing a plethora of events that occur in SQL Server such as failed log-ins, DDL changes, etc.
Change Tracking is only for DDL and not DML, so you're out of luck there.
If your intention really is to capture the 'old' record that was either Updated or Deleted from a table, it seems the best answer is still to create an Audit.TableName and an update+delete trigger on dbo.TableName. Also make sure TableName includes columns of CreatedBy DEFAULT SUSER, CreatedDate DEFAULT getdate(), ModifiedBy, ModifiedDate.
尽管并不理想,但普遍的共识似乎是 CDC 不会捕获谁进行了更改,但我们已经实现了 CreatedBy/Date 和 UpdatedBy/Date 列,可用于查看谁触发了更改。 当然,要实现这一点,更新行的 SP 或 SQL 语句需要分别使用 suser_name() 和 getDate() 显式设置 UpdatedBy/Date 字段。 我同意开箱即用会很好,这会让 CDC 做一些不该做的事情,但我也尝试使用 CDC 异步审核数据更改,而不是使用传统触发器。
Although not ideal, the general consensus seems to be that CDC won't capture who made the change, but we've implemented CreatedBy/Date and UpdatedBy/Date columns which can be used to see who triggered the change. For that to work, of course, the SP or SQL statement updating the row needs to explicitly set the UpdatedBy/Date fields appropriately using suser_name() and getDate() respectively. I agree this would be nice to have out of the box and this is making CDC do something is wasn't meant for, but I too am trying to use CDC to audit data changes async instead of using traditional triggers.
这是可以通过某些自动化过程创建的触发器,也可以在该特定表上启用 CDC 时手动创建,此触发器将解决 who 和 who 的问题。 从哪里进行了更改:
Here is trigger which can be created through some automated process or manually when CDC is enabled on that specific table, this trigger will solve the problem that who & from where changes were made: