At the user group…auditing and sys.fn_get_audit_file

I really enjoyed speaking at the Portland SQL Server User Group meeting last night about SQL Server security…and I have an update.

We were talking about the supposed inability of auditing to audit usage of sys.fn_get_audit_file, the system function that reads an audit log. Raul Garcia of the SQL Server team had the answer. "For the particular scenario in this bug (sys.fn_get_audit_file), the permission being exercised is SELECT, not EXECUTE, hence the apparent failure to audit usage."

A database audit specification in the master database for SELECT ON OBJECT::sys.fn_get_audit_file BY PUBLIC will audit it, regardless of the "current database" when the function is called.
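The specification described above, written out as T-SQL. This is an added example, not code from the original post; the audit name, the specification name and the file path are assumptions.

```sql
-- Assumed names: AuditLogReads, AuditLogReadsSpec. Assumed path: C:\SQLAudit\
-- (the directory must already exist and be writable by the SQL Server service).

USE master;
GO

-- Server audit that receives the events.
CREATE SERVER AUDIT AuditLogReads
    TO FILE (FILEPATH = N'C:\SQLAudit\');
GO
ALTER SERVER AUDIT AuditLogReads WITH (STATE = ON);
GO

-- The specification lives in master. The permission exercised on the
-- function is SELECT, so the audited action is SELECT, not EXECUTE.
CREATE DATABASE AUDIT SPECIFICATION AuditLogReadsSpec
    FOR SERVER AUDIT AuditLogReads
    ADD (SELECT ON OBJECT::sys.fn_get_audit_file BY public)
    WITH (STATE = ON);
GO

-- Check: read the audit log while a different database is current.
USE tempdb;
GO
SELECT TOP (1) event_time
FROM sys.fn_get_audit_file(N'C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT);
GO

-- The read above should now appear as a SELECT ('SL') event on the function.
SELECT event_time,
       action_id,
       session_server_principal_name,
       database_name,
       object_name,
       statement
FROM sys.fn_get_audit_file(N'C:\SQLAudit\*.sqlaudit', DEFAULT, DEFAULT)
WHERE object_name = N'fn_get_audit_file'
  AND action_id = 'SL'
ORDER BY event_time DESC;
GO
```

Each verification query is itself a read of the audit log, so it adds another row to the result the next time it runs.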

Thanks Raul. 

 
