Auditing Revisited, Makes No Sense To Me
Back in January, I did a series on simple auditing which walked through setting up an audit and creating a simple SSRS report. I actually used the report and the query that I demonstrated for a couple of servers in my stack that require auditing. Both the report and the query are built on the following line of code:
SELECT * FROM sys.fn_get_audit_file('g:\auditing\*', DEFAULT, DEFAULT)
This line of code runs great for my login, and I never gave it much thought because I am running it from a sysadmin account. When I was asked to let other users run this report, things got sticky. I cannot fathom why a simple query over log data cannot be granted to a read-only account. In order to run this select statement you need either a sysadmin-level account or the CONTROL SERVER permission, which pretty much gives you the keys to the kingdom. Why would they do that?
I am sure there is a great technical reason, but why not allow it to filter down to read-only access to simply view the data? With those permissions, whoever is in charge of running the audit can manipulate the data however they see fit. That makes no sense to me, but then again, who am I in the grand scheme of things? Shortly I will post a few different scenarios on how to solve this problem. Enjoy!
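As an added example (not part of the original post), one way to give a report user the read without handing out CONTROL SERVER is to wrap the function in a stored procedure and sign it with a certificate; the certificate-mapped login carries the server permission, and the auditor only gets EXECUTE on the wrapper. The database AuditReports, the login AuditReader, the certificate name and the g:\auditing path are assumed names for the illustration.

```sql
-- Added example: least-privilege wrapper around sys.fn_get_audit_file.
-- Assumed names: database AuditReports, login AuditReader, cert AuditReadCert.
USE AuditReports;
GO
CREATE PROCEDURE dbo.usp_ReadAuditLog
AS
BEGIN
    SET NOCOUNT ON;
    -- Only the columns the report needs; no way for the caller to change the path.
    SELECT event_time, action_id, succeeded, server_principal_name,
           database_name, object_name, statement
    FROM sys.fn_get_audit_file('g:\auditing\*', DEFAULT, DEFAULT);
END;
GO
-- Certificate that signs the procedure (private key protected by password).
CREATE CERTIFICATE AuditReadCert
    ENCRYPTION BY PASSWORD = '<strong password here>'
    WITH SUBJECT = 'Signs usp_ReadAuditLog';
GO
ADD SIGNATURE TO dbo.usp_ReadAuditLog
    BY CERTIFICATE AuditReadCert WITH PASSWORD = '<strong password here>';
-- Drop the private key so nobody can re-sign a modified procedure with it.
ALTER CERTIFICATE AuditReadCert REMOVE PRIVATE KEY;
BACKUP CERTIFICATE AuditReadCert TO FILE = 'g:\auditing\AuditReadCert.cer';
GO
-- Public key goes to master; the mapped login never logs in, it only holds
-- the server permission the function demands.
USE master;
GO
CREATE CERTIFICATE AuditReadCert FROM FILE = 'g:\auditing\AuditReadCert.cer';
CREATE LOGIN AuditReadCertLogin FROM CERTIFICATE AuditReadCert;
GRANT CONTROL SERVER TO AuditReadCertLogin;
GO
-- The human auditor gets EXECUTE on the wrapper and nothing else.
USE AuditReports;
GO
CREATE USER AuditReader FOR LOGIN AuditReader;
GRANT EXECUTE ON dbo.usp_ReadAuditLog TO AuditReader;
GO
-- Check: as AuditReader the wrapper works, the raw function is denied.
EXECUTE AS LOGIN = 'AuditReader';
EXEC dbo.usp_ReadAuditLog;
BEGIN TRY
    SELECT COUNT(*) FROM sys.fn_get_audit_file('g:\auditing\*', DEFAULT, DEFAULT);
END TRY
BEGIN CATCH
    PRINT 'Direct call denied as expected: ' + ERROR_MESSAGE();
END CATCH;
REVERT;
```

The permission still exists on the instance, but it is reachable only through the fixed SELECT in the signed procedure, so the report user can view the audit rows and cannot do anything else with CONTROL SERVER.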
Posted on May 9, 2013, in Auditing and tagged Auditing, security.