
SQL Anywhere Studio Security Guide
  Auditing

Correlating audit records


This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.

It can be useful to know which user was logged into Windows NT when particular audit records were generated. For example, a DBA who notices a cluster of failed logon attempts may want to know who was logged into Windows NT when those attempts were made. There are two ways to find out, depending on the type of information that is required.

In the above example, record the time at which the audit event in question took place; all audit events include the date and time of the event. Then log into Windows NT as the administrator and run the Event Viewer application. From the Log menu, choose Security to see the logon and logout audit records. Locate and double-click the Logon/Logoff event immediately before the date and time of the audit event in question. It should be a Successful Logon event. The user name and domain of the user who logged on appear, telling you who was logged into the Windows NT workstation when the audited event occurred. Note that this is only possible if auditing of Windows NT logons and logouts was enabled during operating system installation.
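The first method above, expressed as code, as an added example that is not part of the original guide: it takes Logon/Logoff entries transcribed from the Security log and returns who was logged on at an audit event's time. The record layout, function name and sample data are constructed for illustration, and the example assumes one interactive session at a time. Going beyond the manual rule, it skips Failed Logon entries, since they do not change who is logged on.

```python
from bisect import bisect_right
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: Logon/Logoff entries as they might be transcribed
# from the Security log. The (time, kind, domain, user) layout is an
# assumption of this example, not an Event Viewer export format.
SECURITY_LOG = [
    ("1999-03-02 08:01:12", "Successful Logon", "CORP", "asmith"),
    ("1999-03-02 09:15:30", "Failed Logon", "CORP", "guest"),
    ("1999-03-02 12:30:45", "Logoff", "CORP", "asmith"),
    ("1999-03-02 12:41:03", "Failed Logon", "CORP", "bjones"),
    ("1999-03-02 12:41:20", "Successful Logon", "CORP", "bjones"),
    ("1999-03-02 17:55:00", "Logoff", "CORP", "bjones"),
]


def user_at(audit_time, log=SECURITY_LOG):
    """Return 'DOMAIN\\user' logged on at audit_time, or None if the
    Security log cannot attribute the audit event to anyone."""
    events = sorted(
        (datetime.strptime(ts, FMT), kind, dom, usr) for ts, kind, dom, usr in log
    )
    when = datetime.strptime(audit_time, FMT)
    # Number of events at or before the audit time.
    idx = bisect_right([e[0] for e in events], when)
    # Walk backwards from the event immediately before the audit time.
    for _, kind, domain, user in reversed(events[:idx]):
        if kind == "Failed Logon":
            continue  # a failed attempt does not change the session
        if kind == "Successful Logon":
            return f"{domain}\\{user}"
        return None  # a Logoff: nobody was logged on at that time
    return None  # the log does not reach back far enough


if __name__ == "__main__":
    for t in ("1999-03-02 09:16:00", "1999-03-02 12:35:00", "1999-03-02 13:00:00"):
        print(t, "->", user_at(t))
```

A result of None means the log shows a logoff, or no logon at all, before the audit time, so the event cannot be tied to a user this way.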

If the audit log contains information about a specific connection, and you need to correlate that with a particular Windows NT user, this second method is easier. Since integrated login is used for all connections, the database user is mapped to a particular Windows NT user. Since this mapping must be one-to-one, we know that no other Windows NT user can be mapped to this database user. To find the name of the Windows NT user given the database login ID, execute the following SQL statement:

SELECT lg.integrated_login_id
FROM syslogin lg
KEY JOIN sysuserperm p
WHERE p.user_name='login ID'
