This question rises from a dispute between "Financial Department" and "IT Department" in a Production Company.
This company has it's own IT Department witch provides Financial Software tools and all other ERP-Like tools for this company. Because the IT Department itself is part of this company actually the salary of software developers and database admin is calculated and paid through the software and databases designed and maintained by themselves. so the financial department is feared of database manipulation by the system admins. also they don't want to use other software tools and want to remain in the current software and database solutions.
Now the Question is:
How is it possible to monitor an Sql-server database to prevent any intended manipulation by database admin? the solution must be in a way that insures the system works fine but any manipulation by system admin will be traceable for financial department and system admin will not be able to erase his/her manipulation traces.
of course any simplified and tutorial based approach suggestion will be appreciated.
Best Answer
Sure, this is what compliance auditing solutions like IBM Guardium and Imperva do. They're appliances that sit in between your SQL Server and the rest of the network, and they capture everything that happens without affecting end user activities.
They're expensive - think six figures and up for the full implementation, and it's not going to be discreet.
If you were looking for something free or cheap, you can try using the built-in auditing features in SQL Server, or software products like Idera Compliance Manager, but be aware that sysadmins can disable those tools (because they're likely gonna be the ones installing them anyway.)