In SQL Auditing, is is possible to see the actual individual SELECT sql statement (i.e. SELECT * FROM table WHERE field=value) instead of just “Reads” on table X ?
Hi Vincent, unfortunately, at the moment it is not possible to add the text of the query as a detail. It sounds like a feature request. I recommend creating a topic in Auditor > Ideas with the details such as:
- Can you clarify the question, should it be the full text?
- Complex queries can be left in the text on 1-2 pages.
- I think it will not be very informative to show it as is.
Hi Evgeniy,
I think my security team would like to be able to see the all query statements to know what a potential attacker could see and what sensitive data could be stolen.
I understand that collecting the full statement could be challenging and resource-intensive. I believe it would be useful to see, at least, the column names of the table where read by the SELECT.
As a note, other software like ManageEngine or Quest ApexSQL are able to show the SELECT statements.
Thank you
Hi Vincent,
Fair enough. Specific columns and queries through a separate setting will add more information to the audit data.
Thank you very much for your idea, we will discuss it with the PM.
There is no such functionality at the moment.
Thank you,
Evgeniy