Dynamics GP Direct Database Modifications Audit

Customers that holds certificates such as the ISO and many others, normally having bad fights with auditors on security audits and database monitoring tools, normally I gets allot of requests on how to monitor this up and get rid of those auditors!

Few months back, I created a script that generates database triggers on all database tables and sends all the activities to a transactions log table that in return will hold all transactions.

Lets think about it again, what users should I monitor? Dynamics GP users does cannot access the SQL Databases using any other application as all the passwords are encrypted and only Dynamics GP application and Mariano Gomez can decrypt it! I mean only Dynamics GP!

So users that need to be monitored are listed below:

1. Users that does not have access to Dynamics GP but have direct access to the SQL.

2. Users that has access to both Dynamics GP and SQL Databases and does not have their passwords encrypted, which are only two “sa” and “DYNSA”.

3. Users that’s login using windows authentication.

Now using SQL 2008, you can audit all above using the Database Audit feature, go to “SQL Server –> Security Folder –> Audits” and follow steps below to activate this:

Create new Audit:

image

Go to the database you wish to monitor, navigate to its security folder –> Database Audit –> Create new:

image

Now you need to specify actions you wish to audit, personally I wanted to monitor “Insert, Update, Delete and Execute” for non-GP users, “dbo” represents any user with sysadmin permissions, which includes “sa” and “DYNSA” and “SYSTEM” users represents any user logged in using windows authentication.

Set back and relax watching any unwanted modifications done on the database monitored, and view what does this recorded from time to time by right clicking your audit and selecting “View Audit Log”:

image

image

For CFO’s and top management reporting, you cannot ask them to go to your SQL and view the report! So you will have to setup another solution:

1. Create a new view on your Master database with the following command:

SELECT     *
FROM         dbo.fn_get_audit_file(‘C:\Database Modifications Audit\*’, DEFAULT, DEFAULT)

Where “Database Modifications Audit” is the folder I created on the C:\ Drive to save all my logs.

2. Create a new SQL Login that has permissions only on this view.

3. Create an excel file that reads directly from this view using Data Source.

4. Send this excel file to the top management and ask them to refresh.

Regards,

Mohammad R. Daoud – CTO
MVP, MCT, MCP, MCBMSP, MCTS, MCBMSS
+962 – 79 – 999 65 85 
mohdaoud@gmail.com
mohdaoud.blogspot.com

Advertisements

About Mohammad R. Daoud
Mohammad R. Daoud has been working as a Microsoft Dynamics GP consultant since 2004. His career path started with version 7.5; he studied every single tip of the application technicalities and did allot of successful implementations that includes functional consultations, analysis, and custom development projects. He holds a graduate degree in Computer Science and currently he is pursuing MBA degree in Accounting. In January 2007 he was nominated to the Microsoft Most Valuable Professional (MVP) certificate and was certified in April 2008 due to his online contributions in the Dynamics Community (Dynamics GP Newsgroups, Forums, User Groups and his blog: http://mohdaoud.blogspot.com). Worth to mention that he was also listed as one of the Microsoft Dynamics Top 100 Most Influential People in 2009 by DynamicsWorld. And more... • Demonstrated Passion for MS Products through participating in beta testing for some product versions, an effective member of Microsoft Connect. • Talented in securing strong high quality relationships with premier customers, partners and sales teams passionately and profitably. • Dedicated to meeting the expectations and requirements of internal and/or external customers • Problem Solver – Uses systematic approach to uncover true problem(s) and practical solution and can marshal resources to solve problem! • Proven record of effective account management, including Account Planning, Opportunity Management, and Business Management Excellence and working as part of a larger virtual team • Successful in delivering high quality technical engagements in the enterprise Dynamics GP implementations area according to customer requirements. • Dedicated, Committed, Self Motivated, Creative and highly focused with excellent communication, Negotiation, presentation, Active Listening and Objection Handling skills. • Experienced in Profitable researches and studies including white papers and technical presentations.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: