基于子字符串的 SQL Server 2008 审计触发器

【问题标题】:SQL Server 2008 Audit trigger based on sub string基于子字符串的 SQL Server 2008 审计触发器
【发布时间】:2013-02-13 09:22:43
【问题描述】:

我想基于列创建触发器,但仅限于以_ess 结尾的记录。如何设置审核触发器来执行此操作?

这是当前触发器,但它只检查用户名的所有更改,而我只希望它检查用户名何时更新为或从以 _ess 结尾的用户名。

SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO


CREATE TRIGGER [dbo].[AUDIT_UPD_HRPERSONS_USERNAME] ON [dbo].[HRPersons] FOR UPDATE NOT FOR REPLICATION As
BEGIN
DECLARE
@OperationNum   int,
@DBMSTransaction VARCHAR(255),
@OSUSER VARCHAR(50), 
@DBMSUSER VARCHAR(50), 
@HostPhysicalAddress VARCHAR(17), 
@contexto varchar(128),
@ApplicationModifierUser varchar(50),
@SessionInfo_OSUser varchar(50),
@HostLogicalAddress varchar(30)

Set NOCOUNT On

IF @@trancount>0
BEGIN
EXECUTE sp_getbindtoken @DBMSTransaction OUTPUT
END
ELSE BEGIN
SET @DBMSTransaction = NULL
END

IF PatIndex( '%\%',SUSER_SNAME()) > 0
BEGIN
set @OSUSER = SUSER_SNAME()
set @DBMSUSER = NULL
END
ELSE BEGIN
SET @OSUSER = NULL
SET @DBMSUSER = SUSER_SNAME()
END

set @HostPhysicalAddress = (SELECT net_address FROM master..sysprocesses where spid=@@spid )
set @HostPhysicalAddress = substring (@HostPhysicalAddress,1,2) + '-' + substring (@HostPhysicalAddress,3,2) + '-' + substring (@HostPhysicalAddress,5,2) + '-' + substring (@HostPhysicalAddress,7,2) + '-' + substring (@HostPhysicalAddress,9,2) + '-' + substring (@HostPhysicalAddress,11,2)

SELECT @contexto=CAST(context_info AS varchar(128)) FROM master..sysprocesses WHERE spid=@@SPID
IF (PatIndex( '%APPLICATION_USER=%',@contexto) is not null) and (PatIndex( '%APPLICATION_USER=%',@contexto) > 0)
set @ApplicationModifierUser=substring(ltrim(substring(@contexto,PatIndex( '%APPLICATION_USER=%',@contexto)+17,128)),1, charIndex( '///',ltrim(substring(@contexto,PatIndex( '%APPLICATION_USER=%',@contexto)+17,128) ) ) - 1 )
ELSE
set @ApplicationModifierUser=NULL
IF (PatIndex( '%OS_USER=%',@contexto) is not null)  and ( PatIndex( '%OS_USER=%',@contexto)>0 )
set @SessionInfo_OSUser=substring(ltrim(substring(@contexto,PatIndex( '%OS_USER=%',@contexto)+8,128)),1, charIndex( '///',ltrim(substring(@contexto,PatIndex( '%OS_USER=%',@contexto)+8,128) ) ) - 1 )
ELSE
set @SessionInfo_OSUser=NULL
IF (PatIndex( '%LOGICAL_ADDRESS=%',@contexto) is not null) and (PatIndex( '%LOGICAL_ADDRESS=%',@contexto)>0)
set @HostLogicalAddress=substring(ltrim(substring(@contexto,PatIndex( '%LOGICAL_ADDRESS=%',@contexto)+16,128)),1, charIndex( '///',ltrim(substring(@contexto,PatIndex( '%LOGICAL_ADDRESS=%',@contexto)+16,128) ) ) - 1 )
ELSE
set @HostLogicalAddress=NULL

INSERT INTO AuditedOperations ( Application, Object, OperationType, ModifiedDate, ApplicationModifierUser, OSModifierUser, DBMSModifierUser, Host, HostLogicalAddress, HostPhysicalAddress, DBMSTransaction)
VALUES (APP_NAME(), 'HRPERSONS', 'U', GETDATE(), @ApplicationModifierUser, @OSUSER, @DBMSUSER, HOST_NAME(), @HostLogicalAddress, @HostPhysicalAddress, @DBMSTransaction)

Set @OperationNum = @@IDENTITY

INSERT INTO AuditedRows (OperationNum, RowPK)
SELECT @OperationNum, ISNULL(CAST(INSERTED.ID as nvarchar),CAST(DELETED.ID as nvarchar))
FROM INSERTED FULL OUTER JOIN DELETED ON INSERTED.ID=DELETED.ID

INSERT INTO AuditedRowsColumns (OperationNum, RowPK, ColumnName, ColumnAudReg, OldValue, NewValue)
SELECT @OperationNum, ISNULL(CAST(INSERTED.ID as nvarchar),CAST(DELETED.ID as nvarchar)), 'USERNAME','A', CONVERT( VARCHAR(3500),DELETED.USERNAME), CONVERT( VARCHAR(3500),INSERTED.USERNAME)
FROM INSERTED FULL OUTER JOIN DELETED ON INSERTED.ID=DELETED.ID

END

GO

【问题讨论】:

  • 您不能将触发器设置为仅对以“_ess”结尾的记录运行,但您可以简单地将WHERE 子句添加到触发器中的任何 DML 语句。
  • 你试过写触发器吗?如果是这样,请发布代码。
  • 您希望何时检查插入、更新的数据?您需要提供更多详细信息。
  • 我想根据插入、删除和/或更新进行检查。我已经按原样添加了当前代码。

标签: sql sql-server-2008 triggers audit


【解决方案1】:

只需添加这个:

INSERT INTO AuditedRows (OperationNum, RowPK)
SELECT @OperationNum, ISNULL(CAST(INSERTED.ID as nvarchar),CAST(DELETED.ID as nvarchar))
FROM INSERTED FULL OUTER JOIN DELETED ON INSERTED.ID=DELETED.ID
-- Restrict it to only those where the username is changing from or to %_ess
WHERE (deleted.username like '%_ess' or inserted.username like '%_ess')

INSERT INTO AuditedRowsColumns (OperationNum, RowPK, ColumnName, ColumnAudReg, OldValue, NewValue)
SELECT @OperationNum, ISNULL(CAST(INSERTED.ID as nvarchar),CAST(DELETED.ID as nvarchar)), 'USERNAME','A', CONVERT( VARCHAR(3500),DELETED.USERNAME), CONVERT( VARCHAR(3500),INSERTED.USERNAME)
FROM INSERTED FULL OUTER JOIN DELETED ON INSERTED.ID=DELETED.ID
-- Restrict it to only those where the username is changing from or to %_ess
WHERE (deleted.username like '%_ess' or inserted.username like '%_ess')

【讨论】:

  • 看起来这只检查删除或插入的用户名。如果我添加“或 updated.username like '%_ess'”,我会收到错误消息“无法绑定多部分标识符“updated.username””
  • 没有updated伪表。删除的行出现在 deleted 中,但不在 inserted 中。插入的行出现在inserted 中,但不在deleted 中。 deletedinserted 中都会出现更新的行。
猜你喜欢
  • 1970-01-01
  • 2015-01-31
  • 1970-01-01
  • 2020-01-08
  • 2016-09-18
  • 1970-01-01
  • 2014-01-19
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode