MSSQL LOGIN Trigger Usage and Features

LOGON Trigger is an event that occurs when a user session is established in a SQL Server instance, and is used to control user logins.

LOGIN Trigger Characteristics

  • LOGON Trigger can be thought of as another type of stored procedure that responds to the LOGON event.
  • LOGON Trigger occurs after the authentication phase of login is completed, but before the user session is established.

  • In other words, the trigger is executed when a session is created after authentication of the user ID, password, and authority is completed.
  • LOGON Trigger is not executed if authentication of the user ID, password, or authority fails. - LOGON Trigger is used when tracking the activities of logged-in users.
  • You can also restrict logins to SQL Server, and limit or control the number of sessions for a specific login.

  • See the explanation of the picture in the post about Trigger features and types.

How to use LOGIN Trigger

Creating a LOGIN Trigger.

  • How to restrict user access with LOGIN Trigger sessions.
  • This is the source code.
USE master;
GO
CREATE LOGIN AurumGuideLoginTrigger
WITH PASSWORD = N'aurumguide' MUST_CHANGE,CHECK_EXPIRATION = ON;
GO
GRANT VIEW SERVER STATE TO AurumGuideLoginTrigger;
GO

CREATE TRIGGER tr_AurumGuide_Login_Trigger ON ALL SERVER
WITH EXECUTE AS N'AurumGuideLoginTrigger'
FOR LOGON AS BEGIN
    IF ORIGINAL_LOGIN() = N'AurumGuideLoginTrigger'
    AND (
        SELECT COUNT(*)
        FROM sys.dm_exec_sessions
        WHERE is_user_process = 1
          AND original_login_name = N'AurumGuideLoginTrigger') > 1
    ROLLBACK;
END;
  • LOGIN Trigger How to set the user’s access history.
USE master;
DROP TABLE IF EXISTS AurumGuide_Login_Trigger;
-- Create Sample Table 
CREATE TABLE AurumGuide_Login_Trigger(
    AurumId           varchar(100),
    loginTime         datetime 
); 
GO 
-- CREATE TRIGGER;
CREATE TRIGGER tr_AurumGuide_Login_Log ON ALL SERVER
WITH EXECUTE AS N'AurumGuideLoginTrigger'
FOR LOGON AS BEGIN
  IF ORIGINAL_LOGIN() = N'AurumGuideLoginTrigger'
  BEGIN 
    insert into AurumGuide_Login_Trigger
    values('AurumGuideLoginTrigger',GETDATE())
     ;
    END;
END;
go
SELECT *
 FROM AurumGuide_Login_Trigger;
  • AurumGuideLoginTrigger needs permission to insert into the table.
  • Error message.
  • Logon failed for login ‘AurumGuideLoginTrigger’ due to trigger execution. Changed database context to ‘master’. Changed language setting to us_english. (Microsoft SQL Server, Error: 17892)
  • Please refer to the link for user creation and permissions.
  • How to create and delete MSSQL users.

Source code description.

Create a connection history (audit function).

Delete LOGIN Trigger.

How to delete LOGIN Trigger?

DROP TRIGGER tr_AurumGuide_Login_Log ON ALL SERVER;

LOGIN Trigger Notes

  • When creating a LOGIN Trigger, I want to perform specific tasks for specific LOGIN IDs.
  • For example, if the access history for all LOGIN IDs is recorded in a table and the table is accidentally deleted,
  • A LOGIN Trigger error occurs and no one can access the server.
  • You need to delete the trigger to be able to access SQL Server.
  • If it is not possible to resolve, please let me know in the reply.

Categories:

Updated:

Leave a comment