有的时候我们需要下放权限给不用的用户,让他们自己能管理一部分SQL Agent Job,此时需要详细记录谁在什么时间修改了Job 甚至删除了Job, 我们可以使用SQL Server 的Audit帮助我们完成记录,参考下面的脚本,根据你的环境改变路径。
USE [master]
GO
CREATE SERVER AUDIT [SQLAgentJobAudit]
TO FILE
( FILEPATH = N'd:\logs'
,MAXSIZE = 0 MB
,MAX_ROLLOVER_FILES = 2147483647
,RESERVE_DISK_SPACE = OFF
)
WITH
( QUEUE_DELAY = 1000
,ON_FAILURE = CONTINUE
,AUDIT_GUID = '0d3c98d4-56ad-446c-b4c7-aff25ee4d140'
)
ALTER SERVER AUDIT [SQLAgentJobAudit] WITH (STATE = OFF)
GO
USE [msdb]
GO
CREATE DATABASE AUDIT SPECIFICATION [DatabaseAuditSpecification-JobAudit]
FOR SERVER AUDIT [SQLAgentJobAudit]
ADD (EXECUTE ON OBJECT::[dbo].[sp_add_job] BY [dbo]),
ADD (EXECUTE ON OBJECT::[dbo].[sp_delete_job] BY [dbo]),
ADD (EXECUTE ON OBJECT::[dbo].[sp_update_job] BY [dbo]),
ADD (UPDATE ON OBJECT::[dbo].[sysjobs] BY [dbo])
WITH (STATE = ON)
USE master
GO
ALTER SERVER AUDIT [SQLAgentJobAudit] WITH (STATE = ON)
GO
如何查看审核日志:
SELECT * FROM sys.fn_get_audit_file ('d:\logs\SQLAgentJobAudit_AUDIT.sqlaudit',default,default);
GO
