Osama_mustafa wrote:
Even if a user is at some level a legit user of an application, if there is a suspicion of malicious activity, there is a strong case for locking the user immediately. So what if he can't do his job? There are bigger considerations. As in all forensic activity, management needs to weigh the options of
marksmithusa wrote:
By doing that the user will be unable to insert or update columns which may be required by the application, so it is not the right solution. As I told you before, you need to check privileges for this user and grant him only the required ones.
If you know that the user is executing suspicious DML operations, why not remove their ability to perform those and give them read-only access?
Is the user being malicious or just lacking in knowledge?
Maybe both.
Auditing on all that user's activity is the best way to do this - but if I KNEW the user was running MALICIOUS code, that account would be locked down immediately.
To do that you should monitor your database and check user activity. Prevent running unknown scripts on the prod database; for test scripts you should have something called a Dev database.