I’m giving a presentation at the PASS Data Community Summit 2021 being put on by Redgate! It’s going to be part of the Data Security & Governance Learning pathway. I’ve called the presentation Auditing your data and data access but I’m just starting to write it. One of the things I’ve noticed as I write presentations is that over the course of the project I end up blogging about any subject I haven’t already blogged on. It helps me get a feel for the subject and get down some of the details that I might want to put into the presentation. I thought this time I’d formalize the process. The presentation is going to be based on an old article I did for SQLShack called Intro to Auditing in SQL Server. Over the next few weeks/months you can expect posts on the subjects in the outline below. Links for blogs I’ve already done are included, and I’ll add more as I write more.

• Login/Failed login auditing
  • Has this login been used recently?
• C2 Auditing and Common Criteria Compliance
• Audit Columns
• Temporal Tables (?)
  • Permissions required for developing with Temporal Tables.
• Change tracking (?)
• Triggers
  • Logon triggers
    • Escaping from a runaway logon trigger.
  • DML triggers
  • DDL triggers
    • DDL Trigger to log database level security commands.
    • Can we get a license for DDL triggers?
    • Performance is bad. Did you change anything recently? No. Are you sure?
• Tracing/Profiler
  • What is this default trace you speak of?
• Extended Events
  • A walk-through of creating the Activity Tracking template using Extended Events.
  • Want to be more comfortable with the Extended Events Viewer?
  • What is the system_health extended events session?
• Server/Database Auditing
  • Reviewing the SQL Server Audit
  • Keep an eye on those Audit files!
• External Tools

Something I noticed as I was working on this post, is that, in general, the subjects I know the most about, I’ve blogged the most about. To some extent this is just because I know more, I work on it more, so I have more to say. But there is also a fair amount of knowledge and familiarity from researching and writing about the subject.

I’m not perfect by any means, and there is a distinct chance I’ve missed something in my list above, so if you have any suggestions for something I may have missed or that you’d like to see mentioned let me know. No promises but I’ll give it a shot.