DATABASE Trigger

最新推荐文章于 2024-03-19 10:26:01 发布
最新推荐文章于 2024-03-19 10:26:01 发布
阅读量922 收藏
点赞数 1
分类专栏: MS SQL Server 文章标签: AdministratorLog DATABASE Trigger DDL_Log DDL Trigger
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cdwolfling/article/details/8812841
版权 
DDL Trigger, 2013年的时候用的是AdministratorLog表,2021年更新为Administration.DDL_Log摘自 https://techcommunity.microsoft.com/t5/azure-sql/logging-schema-changes-in-a-database-using-ddl-trigger/ba-p/1950343

-- =============================================
-- Author:					Andreas Wolter, Microsoft
-- Create date:			11-2020
-- Revision History:	
-- Description:			This script demonstrates the implementation of a DDL-Trigger to log all DDL events to a database table for internal use.
--								it is not meant to act as a security-measure
-- Article:					 Logging Schema-changes in a Database using DDL Trigger
-- Applies to:				SQL Server, Azure SQL Database, Azure SQL Database Managed Instance
--=============================================

SET QUOTED_IDENTIFIER ON

-- Change Database
-- in Azure SQL Database remove the "USE Database" statements and open a new connection if necessary
USE DDLWatchdogTrigger
GO
/* Create Schema if not exists */

IF SCHEMA_ID('Administration') IS NULL
BEGIN
	EXEC( 'CREATE SCHEMA Administration;' );
END


 -- if the DDL Trigger already exists we need to diable it to drop and recreate the logging table
IF EXISTS (SELECT * FROM sys.triggers
    WHERE parent_class = 0 AND name = 'Trig_Log_DDL_DATABASE_LEVEL_EVENTS')
DISABLE TRIGGER Trig_Log_DDL_DATABASE_LEVEL_EVENTS ON DATABASE 
GO

/* Create the DDL_Log table */
 IF EXISTS (SELECT * FROM sys.tables
    WHERE SCHEMA_NAME(schema_id) = 'Administration' AND name = 'DDL_Log')
DROP TABLE Administration.DDL_Log
GO

CREATE TABLE Administration.DDL_Log
(
		DDL_Log_ID			int identity			NOT NULL
	,	EventType				nvarchar(50)		NOT NULL
	,	PostTime				datetime2(2)		DEFAULT SYSDATETIME()
	,	SPID						int						NOT NULL
	,	ServerName			nvarchar(100)	NOT NULL
	,	LoginName			nvarchar(100)	NOT NULL
	,	OriginalLogin			nvarchar(100)	NOT NULL
	,	UserName				nvarchar(100)	NOT NULL
	,	Application			nvarchar(250)	NOT NULL
	,	DatabaseName		nvarchar(100)	NOT NULL
	,	SchemaName		nvarchar(100)	NOT NULL
	,	ObjectName			nvarchar(100)	NOT NULL
	,	ObjectType			nvarchar(100)	NOT NULL
	,	TSQLCommand		nvarchar(max)	NOT NULL
	,	EventData				xml					NOT NULL
)
GO
EXEC sys.sp_addextendedproperty
		@name			= N'Description'
	,	@value			= N'Stores all relevant DDL Statements against the current database, inserted by DDL Trigger.'
	,	@level0type	= N'SCHEMA'
	,	@level0name	= N'Administration'
	,	@level1type	= N'TABLE'
	,	@level1name	= N'DDL_Log'
GO

EXEC sys.sp_addextendedproperty
		@name			= N'Referenced by'
	,	@value			= N'PROC: del_DDL_Log_by_oldest_date, TRIGGER: Trig_Log_DDL_DATABASE_LEVEL_EVENTS'
	,	@level0type	= N'SCHEMA'
	,	@level0name	= N'Administration'
	,	@level1type	= N'TABLE'
	,	@level1name	= N'DDL_Log'
GO

ALTER TABLE Administration.DDL_Log
	ADD CONSTRAINT PKCL_Administration_DDL_Log_DDL_Log_ID
		PRIMARY KEY CLUSTERED (DDL_Log_ID)
GO


/* Drop and Re-Create the DDL Trigger */

IF EXISTS (SELECT * FROM sys.triggers
    WHERE parent_class = 0 AND name = 'Trig_Log_DDL_DATABASE_LEVEL_EVENTS')
DROP TRIGGER Trig_Log_DDL_DATABASE_LEVEL_EVENTS ON DATABASE
GO

CREATE TRIGGER Trig_Log_DDL_DATABASE_LEVEL_EVENTS
	ON DATABASE
FOR DDL_DATABASE_LEVEL_EVENTS
AS
/*
-- =============================================
Author:					Andreas Wolter, Microsoft
Create date:			11-2020
Revision History:	

Description:			Database-scope DDL-Trigger to log all Schema-changes

Permissions:			DDL Triggers are executed under the context of the caller - or can be executed under a specific user name using the EXECUTE AS-clause
							Unless a specific User account is used, it needs to be made sure that every potential user who can run DDL statements has also INSERT-Permission to the DDL_Log-Table. It may be fine to use public.
-- =============================================
*/
SET NOCOUNT ON;
SET ANSI_WARNINGS, CONCAT_NULL_YIELDS_NULL ON;
-- XML data operations, such as @data.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(100)'), require both to be ON.

DECLARE
			@EventData			xml
		,	@EventType			nvarchar(50)
		,	@TSQLCommand	nvarchar(max)
		,	@PostTime			datetime2(2)
		,	@SPID					int
		,	@ServerName		nvarchar(128)
		,	@LoginName			nvarchar(128)
		,	@Original_Login		nvarchar(128)
		,	@UserName			nvarchar(128)
		,	@Application			nvarchar( 250 )
		,	@DatabaseName	nvarchar(128)
		,	@SchemaName		nvarchar(128)
		,	@ObjectName		nvarchar(128)
		,	@ObjectType			nvarchar(100)

SET @EventData		= EVENTDATA()
SET @EventType		= @EventData.value('(/EVENT_INSTANCE/EventType)[1]', 'nvarchar(50)' )
SET @TSQLCommand	= @EventData.value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]', 'nvarchar(max)' )
--CONVERT(NVARCHAR(max), @EventData.query('data(//TSQLCommand//CommandText)'))
SET @PostTime			= @EventData.value('(/EVENT_INSTANCE/PostTime)[1]', 'datetime2(2)' )
SET @SPID				= @EventData.value('(/EVENT_INSTANCE/SPID)[1]', 'int' )
SET @ServerName		= HOST_NAME()
SET @LoginName		= SYSTEM_USER
SET @Original_Login	= ORIGINAL_LOGIN()
SET @UserName		= USER_NAME()
SET @Application		= COALESCE(APP_NAME(), '** NA **' )
SET @DatabaseName	= DB_NAME()
SET @SchemaName	= CASE WHEN (COALESCE(@EventData.value('(/EVENT_INSTANCE/SchemaName)[1]', 'sysname' ), '** no schema **') = '') THEN '** no schema **' ELSE COALESCE(@EventData.value('(/EVENT_INSTANCE/SchemaName)[1]', 'sysname' ), '** no schema **') END	   -- some events like "GRANT" on a Database return empty string for schema instead of NULL
SET @ObjectName		= @EventData.value('(/EVENT_INSTANCE/ObjectName)[1]', 'sysname' )
SET @ObjectType		= @EventData.value('(/EVENT_INSTANCE/ObjectType)[1]', 'sysname' )

-- disallowing the removal of the DDL-Log Table
-- Disable or Drop the trigger beforehand
IF		@EventType	= 'DROP_TABLE'
  AND	@ObjectName	= 'DDL_Log'
  AND	@SchemaName	= 'Administration'
	BEGIN
		ROLLBACK
	END

-- Filter out operations that do not need to be looged such as Index Maintenance
IF (@EventType NOT IN (
				'UPDATE_STATISTICS'
			--,	'ALTER_INDEX'	-- We do want to include Disabling of indexes
		)
	AND NOT (@EventType = 'ALTER_INDEX' AND @TSQLCommand NOT LIKE '%DISABLE%')
	)
BEGIN

	INSERT INTO Administration.DDL_Log
			   (EventType
			   ,SPID
			   ,ServerName
			   ,LoginName
			   ,OriginalLogin
			   ,UserName
			   ,Application
			   ,DatabaseName
			   ,SchemaName
			   ,ObjectName
			   ,ObjectType
			   ,TSQLCommand
			   , EventData)
		 VALUES
			   (@EventType
			   ,@SPID
			   ,@ServerName
			   ,@LoginName
			   ,@Original_Login
			   ,@UserName
			   ,@Application
			   ,@DatabaseName
			   ,@SchemaName
			   ,@ObjectName
			   ,@ObjectType
			   ,@TSQLCommand
			   ,@EventData)


END;

SET QUOTED_IDENTIFIER OFF

GO

SET QUOTED_IDENTIFIER ON
GO

IF EXISTS (SELECT * FROM sys.procedures
    WHERE SCHEMA_NAME(schema_id) = 'Administration' AND name = 'del_DDL_Log_by_oldest_date')
DROP PROCEDURE Administration.del_DDL_Log_by_oldest_date
GO

CREATE PROCEDURE Administration.del_DDL_Log_by_oldest_date
	@oldest_date	datetime2(0)
AS

/*
-- =============================================
Author:					Andreas Wolter, Microsoft
Create date:			11-2020
Revision History:	
Description:			Remove old rows from DDL_Log

Execution example:
	
EXEC	Administration.del_DDL_Log_by_oldest_date
		@oldest_date = '2020-11-22'

-- =============================================
*/
SET NOCOUNT ON;
SET ANSI_WARNINGS, CONCAT_NULL_YIELDS_NULL ON;

DELETE FROM Administration.DDL_Log
	WHERE PostTime < @oldest_date	-- oldest records date to keep

GO


EXEC sys.sp_addextendedproperty @name=N'Description', @value=N'Maintenance Procedure: Removes old rows from Administration.DDL_Log-Table' , @level0type=N'SCHEMA',@level0name=N'Administration', @level1type=N'PROCEDURE',@level1name=N'del_DDL_Log_by_oldest_date'
GO


-- === / Begin SECURITY

GRANT INSERT
	ON [Administration].[DDL_Log]
	TO public
GO

-- === / End SECURITY


BEGIN TRY
	ENABLE TRIGGER Trig_Log_DDL_DATABASE_LEVEL_EVENTS
	ON DATABASE;
	PRINT 'DDL Watchdog-Trigger active :)'
END TRY
BEGIN CATCH
	PRINT 'Something went wrong'   
	SELECT   
        ERROR_NUMBER() AS ErrorNumber  
       ,ERROR_MESSAGE() AS ErrorMessage;  
END CATCH;



/* =============== Clean up Code
-- run this if you want to drop all related Objects


IF EXISTS (SELECT * FROM sys.procedures
    WHERE SCHEMA_NAME(schema_id) = 'Administration' AND name = 'del_DDL_Log_by_oldest_date')
DROP PROCEDURE Administration.del_DDL_Log_by_oldest_date
GO

IF EXISTS (SELECT * FROM sys.triggers
    WHERE parent_class = 0 AND name = 'Trig_Log_DDL_DATABASE_LEVEL_EVENTS')
DROP TRIGGER Trig_Log_DDL_DATABASE_LEVEL_EVENTS ON DATABASE
GO

 IF EXISTS (SELECT * FROM sys.tables
    WHERE SCHEMA_NAME(schema_id) = 'Administration' AND name = 'DDL_Log')
DROP TABLE Administration.DDL_Log
GO

IF SCHEMA_ID('Administration') IS NULL
BEGIN
	EXEC( 'DROP SCHEMA Administration;' );
END


=============== */ 



/*--=== ALTERNATE SECURITY implementation using a least privileged account during Trigger-execution

If INSERT for Public is not ok, the alternative is to use a specifi User for the Trigger Execution Context.
This is how this could look like:

--===  Create User to write to the DDL-Log-Table and potentially other internal error log tables if not exists
IF USER_ID('DBLogWriter') IS NULL
BEGIN
	CREATE USER DBLogWriter WITHOUT LOGIN
END

-- sticking to best practice to use roles for permission assignment
IF NOT EXISTS (SELECT * FROM sys.database_principals
	WHERE type_desc = 'DATABASE_ROLE'
		AND name = 'RL_DBLogWriter')
BEGIN
	CREATE ROLE RL_DBLogWriter
END

ALTER ROLE RL_DBLogWriter
	ADD MEMBER DBLogWriter
GO

-- now we can grant the Insert-permission onto the whole new schema, even if the table does not exist yet
GRANT INSERT
	ON SCHEMA::Administration
	TO RL_DBLogWriter
GO

-- now change the Tigger header to use:
... WITH EXECUTE AS 'DBLogWriter'

*/

 

 

 

cdwolfling
关注
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
数据库触发器(Database Trigger)
weixin_45434534的博客
02-10 2757
数据库触发器(Database Trigger) 1. 什么是触发器? 触发器是当数据库被修改时自动执行的过程语句(procedural statements)。 例如: 一个银行的审计日志,每一次账户的余额被修改了,触发器就可以更新审计表,存储修改的细节。 2. 触发器的作用 (1) 阻止对表数据的非法操作 (2) 自动更新时间戳或列的值等等 (3) 当数据进行了特定的修改时执行一些商业的行为,...
数据库系统之数据库触发器
Jifu_M的博客
01-11 734
Database trigger什么是Database trigger?主动数据库系统CREATE OR REPLACE TRIGGER 声明Statement database triggerRow database triggersReferences 什么是Database trigger? 数据库触发器是存储在数据字典中的一段代码,每当发生预定义的事件并满足预定义的条件时,它都会自动处理。 打个比方,我们想为所有工资超过100000的员工自动提高工作级别: ON UPDATE OF EMPLOYEE
Database Triggers——数据库触发器
weixin_34319374的博客
06-29 146
一个触发器: 1.就是一个PL/SQL的块,或者一个PL/SQL的过程,和表,视图,模式,或者数据库有关系的。 2.暗中的执行,当一个特别的事件发生的时候 3.可以有两种情况 (1)应用程序触发器 当一个特殊程序的事件在任何时候发生的时候,点火 (2)数据库触发器 对于模式或者数据库,当任何时候发生一个数据事件(例如DML)或者系统事件发生(例如登录或者关机) ----------...
数据库触发器-应该还是应该?
IT与开发人员的地盘
05-25 211
我今天通过电子邮件订阅收到了这篇文章。 好东西! https://accessexperts.com/blog/2018/...Server+Tips%29 From: https://bytes.com/topic/sql-server/insights/970894-database-triggers-should-you-shouldnt-you ...
《数据库》数据库触发器
鹏Apan的博客
04-29 323
baidu
mysql database manual(mysql数据库手册)
09-11
此外,还有事务处理(transaction)、视图(view)、存储过程(stored procedure)和触发器(trigger)等功能,这些高级特性可以帮助用户更高效地管理和操作数据。 以上仅是MySQL数据库的基础操作,实际应用中还...
database concept
05-06
数据库(Database)是组织、存储和管理数据的系统,它能够帮助用户高效地获取、更新和分析数据。在现代信息化社会中,数据库无处不在,从简单的个人信息管理到复杂的商业决策支持,都离不开它的身影。 1. 数据库...
trigger学习资料
05-25
CREATE TRIGGER `<databaseName>`.`<triggerName>` [ BEFORE | AFTER ] > [ INSERT | UPDATE | DELETE ] > ON FOR EACH ROW BEGIN -- 执行的操作 END | ``` 触发器的优点包括: 1. **级联更改**:触发器可以在...
database2ndyear
03-16
10. 触发器(TRIGGER):了解如何创建和使用触发器,在数据插入、更新或删除时自动执行特定的逻辑。 11. 存储过程和函数:深入研究这两者在数据库中的应用,理解它们如何提高性能和安全性。 12. PLSQL与Oracle...
数据库课件总结:Database Chapter Four Outline.docx
05-25
### 数据库课件总结:Database Chapter Four Outline #### 第四章:高级SQL 在本章节中,我们将深入了解SQL数据类型、模式(schemas)、域约束、大型对象类型、单表约束、断言、授权以及触发器等内容。这些概念是...
Database Trigger Use
TAINK
07-22 86
/**************************************************************************     说明:  通过触发器进行排除插入已存在的用户名的的操作 **************************************************************************/ CREATE TRIGGE...
Creating Database Triggers创建数据库触发程序
最新发布
weixin_74400487的博客
03-19 1124
当针对视图发布 DML 语句时,可以使用 INSTEAD OF 子句来代替。Database Trigger Example • The Trigger Name must be unique • The Trigger Event defines when the trigger will fire relative to the DML event触发器名称必须唯一 - 触发器事件定义触发器相对于 DML 事件的触发时间。
【数据库视频】--触发器
郭静静--廊坊师范学院信息技术提高班十六期
02-04 262
依然老套路,5W2H WHAT 触发器也是一种存储过程,但是发生在指定表中,用于数据执行时,使用触发器能够强制性地将不同表的数据联系起来。和一般的存储过程相比,还是不同的,不同在触发器由事件调用,而后者用名称调用。 WHY 自动,安全,强制。 TYPES 要插入时,insert触发器发挥作用,更新时,update,删除时,delete,但如果要防止,响应或记录更改时,则是D...
Oracle触发器3-DDL触发器
独孤清扬玩DB
04-07 1419
DDL触发器,当执行DDL语句时会被触发。按照作用范围,分为schema triggers,database triggers。schema triggers作用在一个用户上,database triggers作用在整个数据库所有用户上。 创建DDL触发器 要创建一个DDL触发器,语法如下: 1 CREATE [OR REPLACE] TRIGGER trigger name --创建一个触...
系统权限ADMINISTER DATABASE TRIGGER的作用
clt3617的博客
07-11 414
基于database创建一个系统trigger,遇到了权限问题,查了一下原来是需要ADMINISTER DATABASE TRIGGER权限[@more@]SQL> create or replace trigger tr...
sql server 2005学习笔记之触发器简介
一个世界一个家,我爱中国!
03-19 1万+
触发器实际上就是一种特殊类型的存储过程,其特殊性表现在:它是在执行某些特定的T-SQL语句时自动的。11.1  触发器简介触发器实际上就是一种特殊类型的存储过程,它是在执行某些特定的T-SQL语句时自动执行的一种存储过程。在SQL Server 2005中,根据SQL语句的不同,把触发器分为两类:一类是DML触发器,一类是DLL触发器。11.1.1  触发器的概念和作用在SQL S
怎样给Oracle 数据库的表加触发器: how to add trigger for Oracle Database table
专栏
04-24 2667
给Oracle 数据库加触发器的脚本
关于数据库触发器(trigger)的简单使用操作
热门推荐
weixin_40256864的博客
07-25 6万+
最近在做一些东西,用到关于数据库触发器的简单使用。比如当我们在做用户模块的表设计的时候,我们建了联用户信息表(t_user)和账号表(t_account),账号表(t_account)用来进行账号的注册 ,密码的修改等操作,而用户表(t_user)则用来存储用户的基本信息(比如:姓名,年龄等),通常我们在 t_user中创建外键(userid)进行关联t_account以保证每个账号下对应一个用户...
【触发器】数据库_触发器实例
07-31 6013
数据库触发器案例 一、课堂演示案例 例一:创建一个简单的insert触发器 先创建一个数据库备用 create database sampledb go   use sampledb go   在新创建的库中创建一个表备用 create table aa (  a int,  b int ) go   在新创建的表上创建一个insert触发器 use samp...
sqlserver使用TSQL语句创建针对CREATE DATABASE ALTER DATABASE,DROP DATABASEDDL触发器
05-25
CREATE TRIGGER tr_create_database ON ALL SERVER FOR CREATE_DATABASE AS BEGIN PRINT 'A new database has been created!' END ``` 2. 针对ALTER DATABASEDDL触发器: ``` CREATE TRIGGER tr_alter_...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值