In SQL Server 2005, you can get data regarding the event that initiated the DDL trigger by accessing the EventData() function. This function returns information about server or database events and is stored in a variable that uses the XML data type. What we need to do is capture the data returned by the EventData() function and store it in a database table for reporting purposes. You can store that data directly in an XML column or process it first before storing it as ordinary columns in a table. But since the returned type is XML, we need to apply a bit of XQuery against the data generated by the function. To identify the elements in the XML data returned, use Index or Search to locate the topic for the event in SQL Server Books Online. For this particular tip, we will use table-related events. The DDL_TABLE_EVENTS type describes what data can be captured for a CREATE, ALTER or DROP TABLE event.
Let's use the Northwind database for this example. We will create a table that will store the data returned by the EventData() function. We will only choose a few items from the schema generated by the ALTER_TABLE event; namely, the TSQLCommand, PostTime, LoginName, and EventType which is included in every event.
Create the event log table
USE Northwind GO CREATE TABLE EvtLog ( PostTime DATETIME, LoginName NVARCHAR(100), EventType NVARCHAR(100), TSQLCommand NVARCHAR(2000) ) GO
Create the DDL trigger
CREATE TRIGGER trPreventTblChange ON DATABASE FOR ALTER_TABLE AS DECLARE @Data XML SET @Data = EventData() INSERT EvtLog (PostTime, LoginName, EventType, TSQLCommand) VALUES (GETDATE(), CONVERT(NVARCHAR(100), CURRENT_USER), @Data.value('(/EVENT_INSTANCE/EventType)', 'nvarchar(100)'), @Data.value('(/EVENT_INSTANCE/TSQLCommand)', 'nvarchar(2000)') ) ; GO
First, we declare a variable named @Data that will be of XML data type
Next, we assign the value returned by the EventData() function to the variable
Then, in the INSERT statement, we retrieve the element values in the @Data variable using XQuery and the value() method. We use the value() method as it takes a second parameter, represented by the value 1 as it is based on the zero index, that is the name of one of the SQL Server built-in data types. The value is returned as an instance of that type. Also, the value() method gives you better results with the formatting of the XML data
Test the trigger
Let's add a new column on the Region table in the Northwind database
USE Northwind GO
ALTER TABLE Region ADD newColumn SMALLDATETIME NULL
Querying the EvtLog table will give you the data returned by the EventData() function, stored in tabular format as we have already extracted the element values inside the XML data from inside our trigger definition.
You can define DDL triggers as well as capture event details using the EventData() function on the database or server level. This approach is just to audit DDL activities and store the event details in a log table. You can have a central database that will store all the events done on both the database and server level. It is not efficient nor effective to audit every event due to the immense amount of audit record logging processes so make sure that you plan what events you need to audit.
Implement DDL triggers with EventData() function in your SQL Server 2005 instances
Evaluate events that need to be audited based on your corporate policies as defined by your security teams
You can get the Northwind database used in the sample here.
Last Update: 8/27/2008
About the author
Edwin M Sarmiento is a Microsoft SQL Server MVP and Microsoft Certified Master from Ottawa, Canada specializing in high availability, disaster recovery and system infrastructures.
I am trying to design a Database-level DDL trigger that automatically creates table with same structure and with different name on same/different database when a CREATE Table is triggered. I similarly require to handle modification of table stuctures to reflect on other table.
Friday, January 11, 2013 - 6:13:38 PM - bass_player
I haven't tested this yet but it seems that it won't work. The reason being is that there are certain transactions that cannot be rolled back, such as creating a database. Therefore, you won't b able to include it in your trigger definition. I've done a similar thing before that automatically runs a backup of a newly created database and that also didn't work.
I am trying to design a server-level DDL trigger that automatically creates objects on a newly created database (schema, functions, etc.) when a CREATE DATABASE is triggered. However, it does not appear that I am able to switch context to the newly created database to create these objects. Is there something I'm missing? Is this even possible?
IF EXISTS (SELECT * FROM sys.server_triggers WHERE name = 'ddl_trig_database') DROP TRIGGER ddl_trig_database ON ALL SERVER; GO
CREATE TRIGGER ddl_trig_database ON ALL SERVER AFTER CREATE_DATABASE AS declare @curdb as varchar(256); set @curdb = DB_NAME(); -- this is typically set to 'master'
declare @newdb as varchar(256); set @newdb = EVENTDATA().value('(/EVENT_INSTANCE/DatabaseName)','nvarchar(max)');
EXEC ('use ' + @newdb); -- doesn't work
declare @ex_script as varchar(max); set @ex_script= 'CREATE SCHEMA [xyz] AUTHORIZATION [dbo];'
EXEC (@ex_script); -- this creates the schema on 'master' instead of the new db
EXEC ('use ' + @curdb); GO
Tuesday, April 24, 2012 - 2:40:10 AM - Brando Mortiz
TSQLCommand data from EventData() is shown in 1 line only. This would be troublesome to read especially for stored procedures composed of many lines. How would you display this in paragraph form? with the line feeds and carriage returns?