Auditing database administrator actions with SQL Server 2014 Standard

We have a requirement to audit database administrator access to customer databases - at a minimum, knowing which customer database they were accessing (and ideally why). Without upgrading to SQL Enterprise or installing a proxy like GreenSQL are there any alternative options open to us?

I'm thinking for example some kind of privileged script that elevates (sudo style) your privileges to access a database, which logs this to the event log, and reduces them again later.

Is there any way to achieve this that would reliably auditable? Are there any other approaches we should consider?

If you only need to track database access, maybe collecting schema stability locks with extended events is enough.

I blogged this idea last week for a totally different reason (tracking unused objects) but the script can be adapted to fit your needs. You can find it here.

Basically, it reads an extended events session using the streaming api and then saves summary information in a table at regular intervals. In your case you need the individual events and probably the sql text as well. It really depends what you're trying to achieve. Maybe a simple and plain file target is enough.

StackExchange Database Administrators Q#98857, answer score: 4