
Azure SQL: How to be notified if someone exports the database?

I run a system based around an Azure SQL Database.

A few different team members need to have read access to this database to perform support and management tasks.

However, I am concerned that by having access to the database, one of them may - with the best of intentions - export the database and manage the backup carelessly, resulting in a data breach.

How can I get Azure to notify me if somebody backs up the database (or downloads more than X million rows, maybe)? These people need to have database access; I would just like to know if they use it in a way that could cause a security risk for the platform.

You can use Extended Events for this.

To set it up on Azure you can follow this tutorial.

For your case:

  1. You create a session.
  2. You select the rpc_completed (docs) event and click Configure.
  3. In the Global Fields tab you can select the fields you want to keep track of. I.e.: Username, sql_text, session_id, database_name, client_*
  4. In the Filter tab you can select a filter condition. In your case row_count would be appropriate.

When malicious users are smart and retrieve small numbers of rows and page them, this will go undetected. So a second filter could be queries without WHERE clauses, or a different approach based on your case.

When extended events are set up to write to blob storage, you would have a different process (Azure Function, Runbook, ...) that would inspect the result and alert you.

Extended events are mostly used for troubleshooting; they replace SQL Profiler. So turning it on on a production server may have a performance impact.
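
A sketch of the separate inspection process the answer describes, added here as an example and not part of the original answer. It assumes each rpc_completed event has already been read out of the event file as its event_data XML; the thresholds, window length and function names are assumptions. Besides the per-call row_count check, it sums rows per user over a time window so that paged reads are also flagged.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque
from datetime import datetime, timedelta

PER_QUERY_LIMIT = 1_000_000        # assumed threshold: rows returned by one call
WINDOW_LIMIT = 1_000_000           # assumed threshold: rows per user per window
WINDOW = timedelta(minutes=10)     # assumed window length

def parse_event(xml_text):
    """Return (timestamp, username, row_count) from one XE event_data XML document."""
    ev = ET.fromstring(xml_text)
    # <data> holds event fields (row_count); <action> holds global fields (username).
    fields = {n.get("name"): n.findtext("value") for n in ev if n.tag in ("data", "action")}
    ts = datetime.strptime(ev.get("timestamp"), "%Y-%m-%dT%H:%M:%S.%fZ")
    return ts, fields.get("username") or "unknown", int(fields.get("row_count") or 0)

def find_alerts(xml_events):
    """Flag single large reads, and users whose paged reads add up inside WINDOW."""
    alerts, recent, totals = [], defaultdict(deque), defaultdict(int)
    for ts, user, rows in sorted(map(parse_event, xml_events)):
        if rows > PER_QUERY_LIMIT:
            alerts.append((user, "single_query", rows))
            continue                               # already reported on its own
        recent[user].append((ts, rows))
        totals[user] += rows
        while ts - recent[user][0][0] > WINDOW:    # drop reads older than the window
            totals[user] -= recent[user].popleft()[1]
        if totals[user] > WINDOW_LIMIT:
            alerts.append((user, "paged_window", totals[user]))
            recent[user].clear()                   # start a fresh window after alerting
            totals[user] = 0
    return alerts

def sample_event(minute, user, rows):
    """Constructed sample in the shape of rpc_completed event_data XML."""
    return (f'<event name="rpc_completed" package="sqlserver" '
            f'timestamp="2024-01-01T10:{minute:02d}:00.000Z">'
            f'<data name="row_count"><value>{rows}</value></data>'
            f'<action name="username" package="sqlserver"><value>{user}</value></action>'
            f'</event>')

SAMPLE = ([sample_event(0, "alice", 2_500_000)]                      # one big read
          + [sample_event(m, "bob", 250_000) for m in range(5)]      # paged reads
          + [sample_event(m, "carol", 400_000) for m in (0, 30)])    # spread out

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE):
        print(alert)
```
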
