 | A community of more than 1,600,000 database professionals and growing |
| | Internal Controls

I was browsing the Internet and stumbled on a small part of a larger story that struck me. Many of you may have heard of the story of Jamal Khashoggi, the journalist for the Washington Post that was killed. I hadn't spent much time reading about the story, and I don't really want to discuss that topic here. The politics of the situation are not relevant here.

There's a part of the NY Times background story that caught my eye when a quote was posted on Twitter. This is part of that quote: "The intelligence officials told the Twitter executives that Mr. Alzabarah had grown closer to Saudi intelligence operatives, who eventually persuaded him to peer into several user accounts." Essentially, an employee at Twitter was accused of accessing, and potentially disclosing, sensitive data about customers. This is what I want to discuss.

In my career, there are quite a few times that I've had to access data to solve some problem, debug an application, or produce a report. In many cases, I've had to maintain some confidentiality of the data, not even discussing specifics with other employees that were not supposed to view that information. To me, that's just part of being a professional. We handle all sorts of data, some of which we should never use outside of solving an issue or producing a report.

As I thought about what was alleged here, I wonder how many social media companies have controls or auditing to determine who has accessed information. Would they be able to actually produce a report that validates some assertion that data was, or was not, accessed? I doubt many companies have these kinds of controls. Unless some Excel file or other export was on a file share, would there be evidence?

Then I thought: does anyone really do a good job of producing audit records for information access? I know some government and law enforcement systems do this (and some legal software), actually tying queries and results to some individual and even a piece of work. That's not the nature of information for most of us, though perhaps it ought to be.

Auditing data, especially for information access, could be a huge amount of data. Even keeping a record of all user access for a week in most SQL Server databases might be more data than many of us have in our database. I do think we ought to have the option, and I'd hope that we get more detailed, more capable, and more configurable methods of auditing SQL Server activity in the future (Hint, give us SQL Audit data in a csv).

Steve Jones from SQLServerCentral.com

Join the debate, and respond to today's editorial on the forums |
| The Voice of the DBA Podcast

Listen to the MP3 Audio (3.2MB) podcast or subscribe to the feed at iTunes and Libsyn. The Voice of the DBA podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. | |
| |  | Stan Kulp from SQLServerCentral.com The open source Barcode Image Generation Library enables insertion of twenty-seven different types of linear barcode symbols into SSRS reports without the use of barcode fonts. More » |
 | In this webinar, Microsoft MVP Kendra Little will discuss the value of DevOps from the perspectives of CEOs, CIOs/CTOs, and Managers. She will explore how the roles of CIOs and CTOs are undergoing a major transformation, and how DevOps aligns with that transformation. More » |
 | Additional Articles from SimpleTalk In the third article of this series on testing PowerShell code with Pester, Robert Cain demonstrates how to test the functions in a PowerShell module. More » |
 | Solomon Rutzky from SQLServerCentral Blogs (last updated: 2018-11-01 @ 00:50 EDT / 2018-11-01 @ 04:50 UTC ) SQL Server 2017 introduced a new security restriction for SQLCLR in the... More » |
 | From the SQLServerCentral Blogs - Zombie SQL. Kenneth Fisher from SQLServerCentral Blogs. It's Halloween so time for a scary SQL story. Ok, maybe not that scary. Ok, not scary at all, but... More » |
|
|
| | Today's Question (by Steve Jones):

I put a mask on my OrderDetail table as follows:

    ALTER TABLE dbo.OrderDetail
      ALTER COLUMN ProductName ADD MASKED WITH (FUNCTION ='partial(5, "xxxxxx", 0)')

In this table, I have a product named "Hats" in one row. If a user that does not have the UNMASK permission queries that row, what is returned to them? |
This question is worth 1 point in this category: Dynamic Data Masking. |
|
|
| |
| Yesterday's Question of the Day |
| Yesterday's Question (by Steve Jones):

I decide to add a computed column to one of my tables. I use this code:

    ALTER TABLE dbo.SalesOrderHeader ADD WhichDay AS DATEPART(dw, OrderDate)

I want to index this column. What happens when I run this code?

    CREATE INDEX SalesOrderHeaderIX_DayofWeek ON dbo.SalesOrderHeader (WhichDay)

Answer: The index is not created because of another error

Explanation: In this case, the column does not create a deterministic value, so it cannot be indexed.

Ref: CREATE INDEX
» Discuss this question and answer on the forums |
|
|
| Database Pros Who Need Your Help |
| Here's a few of the new posts today on the forums. To see more, visit the forums.

Help with script. - Please forgive me if I'm in the wrong area. New To SQL. I have 2 SQL statements but I need to...

When is DECLARE absolutely required? - After the CREATE PROCEDURE line, the next line defines a parameter variable. Why isn't the DECLARE keyword used here? Starting...

trying to avoid the Arithmetic Overflow error - How can I convert the number to DECIMAL (4,1) and then back to varchar (this is a varchar (40) column...

Column names on INNER JOINS - In my code below I have Invoices.InvID

Looking for a SQL Statement to populate the TOTAL row in this SQL Server table - This is the actual SQL table, imported into Excel. The attached Excel file shows that I need to fill the...

Julian Date - I have a table called ORDER with columns OrderDate and OrderTime both are in Julian Date format. I'm trying to...

Optimize a LIKE '%text%' query - Hello! Is there a way of optimizing(/workaround) the performance of a LIKE '%text%' query, on a non-unique column (so, no full...

SFTP Options with SQL 2016 ? - Does SQL 2016 have any native support for SFTP? Looks like previously 3rd party add-ins were the only option.

Placing data file , log file and temp file in 1 drive or separate drive ? - Hi Guys, I am confused with placing data file, log file and temp file. When I did browsing, I found...

Problem using expression in SSIS - Hi, Below is the expression I am trying to make work: substring ("Archive_Full_20120731200002",1, (FINDSTRING( "Archive_Full_20120731200002","Full_", 1)-2)) When I use the exact string(Archive_Full_20120731200002)...

SELECT TOP 1 on Primary Key? - I have a table (let's call it TableA) with a primary key defined (let's say the column is called ColumnPrimary).... |
|
| This transmission is ©2018 Redgate Software Ltd, Newnham House, Cambridge Business Park, Cambridge, CB4 0WZ, United Kingdom. All rights reserved. Contact: webmaster@sqlservercentral.com |
|
|