I have an application that accesses my SQL Server using a username\password. However our lead developer has access to this password and I suspect that he may be utilizing this outside of our terms of agreement. My wish is to audit for anytime this username (appaccount) accesses our database and any commands that are issued.
Luckily this application uses purely stored procedures with passed in parameters when it accesses the database so anytime the account runs a T-SQL statement it has to be from our developer in question.
My ideal output would be something like this:
Datetime | Username | Action Performed
11:23am | appaccount | "Select * from claimstable"|
11:26am | appaccount | "update table ...(skip change control process)"|