Jignesh Raiyani
How DDL trigger works over database?

Database Level DDL Triggers on Tables

September 23, 2019 by

This article portrays the different utilization of database DDL Triggers for the Tables with a counting mail alert on schema composition using DDL (Data Definition Language) standard. Using that efficient method we can keep close eyes on monitoring schema changes in any database of SQL Server. We’ll also see how we could monitor these movements and send an alert email to persons responsible to inform about this change.

Microsoft SQL Server supports using very fundamental elements as SQL Triggers like DDL, DML and Logon Triggers. Table schema changes can be shrouded in DDL type Trigger. Next, we will examine in detail monitoring the blueprint changes and alert for the Tables. Most commonly organizations observe and alert on the database construction changes of the Table with the help of the Database Administrator group.

How DDL trigger works over database?

In a typical production environment, schema changes can be linked with a particular sprint or release if there should arise an occurrence of some little fixes, the schema changes could be sent to a database. Subsequently, we have to screen a few more occasions on the database of which the changes are on a valid path and have been approved by an approved individual or not?

DDL triggers are the convenient option to monitor and track changes on SQL Server objects or to send an alert of suspicious actions or requests from the connected authorized Cadent. It’s quite useful to obtain point by point adjustability to figure out the answers of the following “who”, “what”, “when”, “where”, and “how”?

With the exception of the Development database server, schema changes have to be checked on QA, Stage and Production environment as well. The following scenarios will be explained in detail:

  • Track Schema Changes Event
  • Monitor Schema changes by Role
  • Alert on Schema changes

Track Schema changes Event

EVENTDATA () is an inbuilt function of DDL trigger in SQL Server, which will return the Transaction event details with numerous fields in XML format.

  • EventType (Create Table, Alter Table, Drop Table, etc…)
  • PostTime (Event trigger time)
  • SPID (SQL Server session ID)
  • ServerName (SQL Server instance name)
  • LoginName (SQL Server Login name)
  • UserName (username for login, by default dbo schema as username)
  • DatabaseName (name of database where DDL Trigger was executed)
  • SchemaName (schema name of the table)
  • ObjectName (Name of the table)
  • ObjectType (Object types. such as Table, view, procedure, etc…)
  • TSQLCommand (Schema deployment Query which is executed by user)
  • SetOptions (SET Option which are applied while Creating table or Modify it)
  • CommandText (Create, Alter or Drop object command)

To monitor the schema pattern changes for Tables, Trigger event information has to be put some place(table) and checked by someone for the required activities. DDL trigger will be categorized at Database Level. Secondarily the necessity to convey this trigger on what database this DDL Trigger should be sent. Seen at large, an additional database can exist on the server for some research or examination purposes. So, we don’t have to convey this event method on those databases.

With the intention to monitor the progressions on Dev and QA Environment, schema changes event information ought to be put away someplace in the table. We have placed away event data in the event_data table which is situated in the master database. On the off possibility that off-base schema changes associated with the Table in the database, at that point Database Administrator will be required to deal with this table and determine the root cause to follow who and when rolled out these improvements.

In this model, we will include one DDL Trigger for a DDL operation for a Table. On adding a new table, we will scrutinize the event data which will be embedded in the referenced table (event_data).

DDL Trigger:

Table Script:

Subsequent to Creating or Altering the table, the operation was efficiently finished. What’s more, currently we can check event_data table to get the most recent event_data data. We can see here that each detail of the above transaction has been included in XML design.

In this example, we have legitimately sent out XML in the table. Be that as it may, in an appropriate method for checking that XML ought to be extracted in the Column arrangement of the table. For the same, underneath XML command can support us with getting the required column of event_data only.

Here, @xml is a EVENTDATA() value in a trigger

Monitor Schema changes by Role

At the time when Multiple Developers have to deal with a Project and they have to do changes in a database architecture, it will be difficult for a Database Engineer to observe and restrict the users to apply made changes on database. With this as an understanding, we will make use of Trigger to scrutinize changes in the schema in any database of SQL Server and Insert Record in the table, in such a way we can monitor the history of Schema changes made Over a polling time.

You will get appreciably more data from DDL eventa over the database, yet using custom metrics on the Trigger with the support of logged-in user’s role in SQL Server. We can also limit it. For illustration, the user-defined role and numerous systems will subsist in the SQL Server; however, as a characteristic of organization policy, database owners can determine or modify as they were.

Check the role of Login

This model of strategy can be designed in DDL Trigger and the owner of an engagement can monitor it as well. It can even tell you the best way to utilizing the metrics to differentiate unapproved or unauthorized changes to database objects (tables).

IS_MEMBER() is an in-built function in SQL Server to find that a particular user is a element of specified role or not. We used to keep watch on the user is a member of ‘db_owner’ or not. We can assess the role of a designated user and choose to authorize deliberate changes at the database level with below example.

We have applied a condition to restrict particular users which are not members of ‘db_owner’. Only those members or users can CREATE or ALTER the Table schema, who are existing with that role. On the off chance that the user does not exist or are not from that role; at that point logged-in will get a message which we categorized in the trigger for the same and that Event Data will get embedded in the table, on which Database Administrator will be able to keep close eyes. Indeed, even condition-based object access can be applied for too, in IF clause if it is necessary.

DDL Trigger executed with a message

In the same approach, we can inspect EVENT Data as beneath in XML position.

Alert on Schema changes

The most substantial prerequisite is to get an alert at the point these changes start happening. We can set that up right away in SQL Monitor, using a custom metric. When you get a notification, you would then be able to analyse the facts of the event.

How could we setup monitoring of Schema Changes in Any Database of SQL Server? How could we monitor these developments and send out an alert e-mail to respective persons to Inform about this change? Common practice by engineers is to install schema blindly to a database without going for a check in their changes, however, we are now handling this obstacle and instruct these people from uncontrollably taking shots from the hip.

Information security and administrative acquiescence necessities have turned out to be increasingly rigorous. Thus, DBAs are assigned with the heavy task of giving an exact review trail of schema changes and review this data can often require weeks or long stretches of custom improvement.

The DDL Trigger will drop a mail to concern people including schema changes event details in HTML format.

CODE: ALTER_trigger.sql

Conclusion:

DDL triggers help a lot to manage event information in favour of Policy and Security perspective as part of SQL Triggers. We can fabricate an SSRS report as well on event_data to keep consecutively running against and pulled information as required.

Table of contents

Limit SQL Server Login Authentication scope using a Logon Trigger
Database Level DDL Triggers on Tables
Database Level DDL Triggers for Views, Procedures and Functions
Jignesh Raiyani
168 Views