Home All Groups Group Topic Archive Search About

Trigger to block and log

microsoft.public.sqlserver.programming
Author
15 Jul 2005 3:32 AM
John Baima
I would like a trigger to both block updates and deletions as well as
log all information I can get. I really don't care what the update or
deletion is. Thanks for any help.

-John

Author
15 Jul 2005 4:27 AM
David Gugick
John Baima wrote:
> I would like a trigger to both block updates and deletions as well as
> log all information I can get. I really don't care what the update or
> deletion is. Thanks for any help.
>
> -John

To block an insert or update operation on a table, you can use a simple
trigger on each table as follows:

Create Trigger MyTableTriggerIU on dbo.MyTable
For Insert, Update
as
Begin
  ROLLBACK
End

In order to audit this information, you need to access the inserted
table, but as soon as you roll back the transaction, you'll lose
whatever DML operations you performed. As an option, you can create an
instead  of trigger. Because the instead trigger never actually inserts
/updates any data, you can access the inserted table without a problem.
In the example, I just use an audit table that mimics the main table
with some added columns.

Create Trigger MyTableTriggerIU on dbo.atest
Instead of Insert, Update
as
Begin
  Insert into dbo.atestaudit (
    col1, audituser, auditdate )
  Select col1, SUSER_SNAME(), getdate() From Inserted
End


--
David Gugick
Quest Software
www.imceda.com
www.quest.com
Author
15 Jul 2005 2:39 PM
John Baima
Show quote
"David Gugick" <david.gugick-nospam@quest.com> wrote:

>> I would like a trigger to both block updates and deletions as well as
>> log all information I can get. I really don't care what the update or
>> deletion is. Thanks for any help.
>>
>> -John
>
>To block an insert or update operation on a table, you can use a simple
>trigger on each table as follows:
>
>Create Trigger MyTableTriggerIU on dbo.MyTable
>For Insert, Update
>as
>Begin
>  ROLLBACK
>End
>
>In order to audit this information, you need to access the inserted
>table, but as soon as you roll back the transaction, you'll lose
>whatever DML operations you performed. As an option, you can create an
>instead  of trigger. Because the instead trigger never actually inserts
>/updates any data, you can access the inserted table without a problem.
>In the example, I just use an audit table that mimics the main table
>with some added columns.
>
>Create Trigger MyTableTriggerIU on dbo.atest
>Instead of Insert, Update
>as
>Begin
>  Insert into dbo.atestaudit (
>    col1, audituser, auditdate )
>  Select col1, SUSER_SNAME(), getdate() From Inserted
>End


Thanks, that was very helpful. Can I collect other information for the
audit like where the net address of the connection. The problem is
that many people share the same login and I'd like to know the
specific user.

-John
Author
15 Jul 2005 4:18 PM
David Gugick
John Baima wrote:
> Thanks, that was very helpful. Can I collect other information for the
> audit like where the net address of the connection. The problem is
> that many people share the same login and I'd like to know the
> specific user.
>

You should really look into giving all users their own logins. You can
get the MAC address from the sysprocesses table in the master database
(see the net_address column). There's other information in that table as
well.


--
David Gugick
Quest Software
www.imceda.com
www.quest.com

AddThis Social Bookmark Button

Post Other interesting topics
Can I do this?
is there a set-based solution to this task?
Select Query
Combining Two Tables ?
xp_cmdshell by proxy account is not working, please help