SQL Server Audit Action Group:
Most auditable operations in SQL Server are grouped together in
but a few operations are available individually for more granular audit policy definition. These are called Audit Actions.
Audit Actions allow you to audit tables and stored procedures. Audit actions mandate
that table row commands (select, insert, update, delete) and a few other commands
be audited on specified database objects when performed by specified users or roles.
For instance you can audit whenever EXECUTE is run on a certain stored procedure
or if someone runs a DELETE command against a certain table.
Audit action rules are very useful for auditing core database activity on critical or senstive tables and stored procedures.
The commands that can be audited are:
- Execute (stored procedure)
- Receive (queue)
- References (raised whenever a REFERENCES permission is checked)
When you enable auditing of one of these commands you must specify which objects
the rule will be appliable to. In the Object Type column of the audit rule you can
- Database - If you select this, the command will be audited for all relevant objects
in the database. There is no need to specify
- Schema - You will need to then select a schema within the database. The command
will be audited for all relevant objects within that schema.
- Object - You will need to then select the appropriate object. For instance if the
command is Insert you will need to select a table, or if the command is Execute
you will need to select a stored procedure.
You must also specify a principal (i.e. user, database role or application role)
for whom the command is audited. For example, if you enable EXECUTE for auditing
and select db_datawriter as the principal, the command will only be audited when
members of db_datawriter run it.
events generated under this
Audit Action Group: