Title: | SQL/Services Forum |
Notice: | kits(3) ft info(7) QAR access (8) SPR access (10) |
Moderator: | SQLSRV::MAVRIS |
Created: | Thu Oct 13 1988 |
Last Modified: | Fri Jun 06 1997 |
Last Successful Update: | Fri Jun 06 1997 |
Number of topics: | 2214 |
Total number of notes: | 8586 |
Hi everyone,

This is probably another one of those restrictions that a database class service has, but I thought I would ask here anyway...

A customer has a database class service. It is pre-attached using the SQLSRV$DFLT account. The db authorization is set to CONNECT USER and it all works fine. The customer now wants to audit some things in Rdb. One problem he has run into is the SQLSRV$DFLT account is showing up as the account doing modifies or inserts, etc. He wants the CONNECT USER name to be flagged as the account doing these things to the database.

He understands why the SQLSRV$DFLT account has to do the attach, but is wondering why a CONNECT USER name can be passed so that the db authorization is given appropriately to that user name, then why can't RDB Auditing pick up that CONNECT USER name as well?

Any ideas... or is this just the way it works??? Not sure how auditing picks up a username it reports... if it takes the username that does the attach, then this is all working as it should... and I told the customer this is probably what is happening.

Other than using universal services, anyone know how he can get auditing to see the connect user names on a database class service?

Thanks,
Renee

T.R | Title | User | Personal Name | Date | Lines |
---|---|---|---|---|---|
2181.1 | version information | BROKE::BASTINE | | Wed Apr 02 1997 12:56 | 3 |
Customer is running V7.0 of Sql/Services and 7.0 of Rdb... Renee
2181.2 | | M5::JHAYTER | | Wed Apr 02 1997 14:23 | 3 |
Check out note 2173. Something tells me it has to do with the "black magic" used to do the connect user...
2181.3 | Expected behavior | SQLSRV::MAVRIS | Sue Mavris - [email protected] | Wed Apr 02 1997 14:45 | 12 |
Hi Renee,

Rdb does a $GETJPI to determine the process username. This is the username it writes to the audit record. Since SQL/Services does not change the process username for database services, Rdb is picking up the service owner account for its audit records.

Also, VMS auditing is process-based, so we're not sure what would happen if Rdb gave VMS a username other than the process username. If VMS allows it, this is something that Rdb could choose to change in the future.

You might want to log a suggestion qar to Rdb on this one.

Sue