We have a number of SQL logins that have high level of privilege i.e. sysadmin, db_owner, db_writer, etc.
We are looking to capture:
- when the account was used and by whom
- what query was run against the database
- where this query was triggered from
For 1 and 3, we should be able to put filters or some sort of exclusion list to removed auditing for known users i.e. DBAs and servers where these accounts are permitted to run under that user context.
Please let me know how to extended the auditing to covert for these scenarios.
Many thanks,
Chirag