Change Request Tracking

No-Opt Change Request Tracking

Link every database change to a change request number with a single SQL statement. No agents, no plugins, no application changes—just run a SELECT and start working.

How It Works

Before making database changes, execute a simple SQL statement that embeds your change request number. DB Audit captures this tag and automatically correlates every subsequent query in the session to that change request. The query returns no rows and has zero performance impact—it's purely a signal to the audit system.

The Magic Statement 
-- Tag the current session with a change request
SELECT 'CR:CR_NUMBER_HERE' WHERE 1 = 0;

The WHERE 1 = 0 clause ensures zero rows are returned and zero performance overhead. DB Audit's streaming parser detects the CR: prefix and begins tracking.

0ms
Performance overhead
0
Configuration required
All DBs
Supported platforms

Capabilities

SQL Convention Tagging

Prepend a simple SELECT statement before your changes to tag them with a change request number. DB Audit captures the CR tag and associates all subsequent queries in the session.

  • Works with any SQL client or tool
  • No application code changes required
  • No database plugins or extensions needed
  • Compatible with all supported databases

Session Correlation

DB Audit automatically correlates all queries within a session to the tagged change request. Every INSERT, UPDATE, DELETE, and DDL statement after the tag is linked to the CR.

  • Automatic session-to-CR binding
  • Tracks all DML and DDL operations
  • Cross-database session support
  • Handles connection pooling correctly

Change Request Audit Trail

Generate a complete audit trail for every change request showing exactly what changed, who changed it, when, and on which database. Export reports for auditors.

  • Per-CR change reports
  • Before/after data snapshots
  • Exportable for auditor review
  • Searchable by CR number, user, or date

Change Control Compliance

Meet SOX, ITIL, and internal change management requirements. Detect unauthorized changes that were not tagged with a valid change request number.

  • Flag untagged database changes
  • Validate CR numbers against ITSM systems
  • SOX separation of duties reporting
  • ITIL change management integration

Basic Usage

Run the CR tagging statement at the start of your session or script. All subsequent queries are automatically linked to the change request until the session ends or a new CR tag is issued. 

-- Tag the session with a change request number
SELECT 'CR:CR-2024-001234' WHERE 1 = 0;

-- All subsequent queries are now linked to CR-2024-001234
ALTER TABLE customers ADD COLUMN loyalty_tier VARCHAR(20);
UPDATE customers SET loyalty_tier = 'silver' WHERE total_orders > 10;
UPDATE customers SET loyalty_tier = 'gold' WHERE total_orders > 50;

Script Integration

Add the CR tag to your deployment scripts, migration tools, or runbooks. The tag works with psql, mysql, sqlcmd, or any SQL client.

psql PostgreSQL: run the SELECT as the first statement in your session or script.
mysql MySQL/MariaDB: works identically with the mysql CLI or any MySQL connector.
sqlcmd SQL Server: use sqlcmd or SSMS query window. The statement works in any T-SQL context.
ORM / App Code Optional: inject the tag via raw SQL in any ORM before executing migrations. 
#!/bin/bash
# deploy-schema-change.sh
# Automatically tags all changes with the CR number

CR_NUMBER="$1"
DB_HOST="production-db.internal"
DB_NAME="app_production"

if [ -z "$CR_NUMBER" ]; then
  echo "Usage: ./deploy-schema-change.sh CR-2024-001234"
  exit 1
fi

# Tag the session, then run the migration
psql -h "$DB_HOST" -d "$DB_NAME" -c "
  SELECT 'CR:$CR_NUMBER' WHERE 1 = 0;
  -- Migration statements follow
  \i migrations/latest.sql
"

echo "Migration applied under $CR_NUMBER"

Querying Change Requests

Look up the complete audit trail for any change request via the dashboard, CLI, or API. See every statement, who ran it, when, and what was affected. 

# Query audit events by change request number
dbaudit query --cr CR-2024-001234

# Output:
# CR: CR-2024-001234
# Session: psql (user: dba_jones, host: 10.0.1.50)
# Database: app_production @ production-db.internal
# Started: 2024-03-15 14:32:01 UTC
# Duration: 2m 14s
#
# Statements:
# 1. ALTER TABLE customers ADD COLUMN loyalty_tier VARCHAR(20)
#    Rows affected: 0 | Duration: 245ms
#
# 2. UPDATE customers SET loyalty_tier = 'silver' WHERE total_orders > 10
#    Rows affected: 12,847 | Duration: 1.2s
#
# 3. UPDATE customers SET loyalty_tier = 'gold' WHERE total_orders > 50
#    Rows affected: 3,291 | Duration: 890ms

Change Control Policies

Create policies that require a valid change request tag for DDL statements and bulk data changes. Get alerted when someone makes changes without a CR number.

SOX Compliance

Sarbanes-Oxley requires that all changes to financial systems are authorized through a formal change management process. DB Audit's CR tracking provides the audit evidence that every database change was linked to an approved change request. 

# Change Control Policy
# Alert on database changes without a valid CR tag
policies:
  - name: require-change-request
    type: change_control
    enabled: true
    description: Flag DDL and bulk DML without a change request tag

    rules:
      # Require CR tag for all DDL statements
      - name: ddl-requires-cr
        events: [create_table, alter_table, drop_table, create_index]
        require_cr_tag: true
        action: alert
        severity: high
        channels: [slack, email]

      # Require CR tag for bulk data changes
      - name: bulk-dml-requires-cr
        events: [update, delete]
        condition: affected_rows > 100
        require_cr_tag: true
        action: alert
        severity: medium
        channels: [slack]

    exceptions:
      users:
        - monitoring_user
        - backup_service
      applications:
        - automated_etl

DB Audit vs. Legacy Tools

Legacy tools like IBM Guardium require weeks of setup with S-TAP agents, custom modules, and application code changes to track change requests. DB Audit uses a zero-config SQL convention that works immediately with any database. 

# Guardium Change Request Tracking
# Requires:
# 1. S-TAP agent installed on every database server
# 2. Custom GIM module configuration
# 3. Application code changes to pass CR through comments
# 4. Guardium policy engine configuration
# 5. Custom report builder setup
# Typical setup time: 2-4 weeks per database

# ─────────────────────────────────────

# DB Audit Change Request Tracking
# Requires:
# 1. Run one SQL statement before your changes
# That's it.
# Setup time: 0 minutes

Next Steps

Security Policies
Alerting Configuration
Querying Audit Logs

Ready to Track Change Requests?

Start linking database changes to change requests in seconds. No setup, no agents, no configuration.

Start Free Trial Talk to Sales