https://github.com/dwarry/rowlevelauditpoc
https://github.com/dwarry/rowlevelauditpoc
Last synced: 8 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/dwarry/rowlevelauditpoc
- Owner: dwarry
- Created: 2023-05-05T06:46:54.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2023-05-05T06:48:23.000Z (about 3 years ago)
- Last Synced: 2025-01-24T11:28:51.330Z (over 1 year ago)
- Language: C#
- Size: 10.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: ReadMe.md
Awesome Lists containing this project
README
# Using Row Level Security to Log Access
This repo comprises an attempt to (ab)use the Row-Level Security (RLS) functionality in SQL Server 2016 to log
access to the data in a table. For familiarity, it's based on the AdventureWorks2016 sample database.
## RowAuditRecorder.cs
Contains a fairly trivial static class that contains a method that logs
a message to a text file. The location of the text file is specified by
an environment variable `SQL_ROW_AUDIT_FILE_LOCATION`, so this will need to be
set at the system level and the SQL Server service restarted before running it
for the first time.
The function takes three parameters - the user name, the table name being
logged, and a message. The table name is used for the filename, and each call
writes a line to this file containing the ISO8601 timestamp, the user name and
the message, with tab as the delimiter.
As the Assembly that will be built to hold this is going to be registered with
SQL Server as an assembly with External Access permission (probably has to be
Unsafe in later versions of SQL Server), it will need to be signed with a key
with a password set.
## CodeAsymmetricKey.sql
This creates an asymmetric key from the assembly, and a server-level login associated with it which has permission to use external access assemblies.
## CreateAssembly.sql
This loads the assembly into the target database.
## LogRowLevelAudit.sql
This creates a wrapper T-SQL function that invokes the C# method.