Audit Action Groups

SQL Server groups auditable actions in to convenient categories called Audit Action Groups. You can enable action groups for auditing on a specific database or across the entire server. Action groups cover all auditable actions except a few Transact-SQL commands called audit actions.

Some action groups comprise only server level operations (e.g. create database, drop server role) and so are only available in server audit specifications. Other action groups are applicable at the database level but can be included in a server audit specification so that those actions are audited on all databases - even new ones created the future. This is indicated in the Database and Server columns below.

With SQL Server 2012, Microsoft introduced some new audit action groups also indicated in the table below. Also some action groups that were formerly server-level only, became available at the database level and are indicated by the footnote.

LOGbinder provides a free tool to help you implement audit policy through a step-by-step interface: SQL Audit Policy Wizard.

Action Group	Database	Server	SQL 2012
APPLICATION_ROLE_CHANGE_PASSWORD_GROUP	•*	•
AUDIT_CHANGE_GROUP	•*	•
BACKUP_RESTORE_GROUP	•*	•
BROKER_LOGIN_GROUP		•
DATABASE_CHANGE_GROUP	•	•
Database-level Audit Actions	•
DATABASE_LOGOUT_GROUP	•	•	•
DATABASE_MIRRORING_LOGIN_GROUP		•
DATABASE_OBJECT_ACCESS_GROUP	•	•
DATABASE_OBJECT_CHANGE_GROUP	•	•
DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP	•	•
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP	•	•
DATABASE_OPERATION_GROUP	•	•
DATABASE_OWNERSHIP_CHANGE_GROUP	•	•
DATABASE_PERMISSION_CHANGE_GROUP	•	•
DATABASE_PRINCIPAL_CHANGE_GROUP	•	•
DATABASE_PRINCIPAL_IMPERSONATION_GROUP	•	•
DATABASE_ROLE_MEMBER_CHANGE_GROUP	•	•
DBCC_GROUP	•*	•
FAILED_DATABASE_AUTHENTICATION_GROUP	•	•	•
FAILED_LOGIN_GROUP		•
FULL_TEXT_GROUP		•
LOGIN_CHANGE_PASSWORD_GROUP		•
LOGOUT_GROUP		•
SCHEMA_OBJECT_ACCESS_GROUP	•	•
SCHEMA_OBJECT_CHANGE_GROUP	•	•
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP	•	•
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP	•	•
SERVER_OBJECT_CHANGE_GROUP		•
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP		•
SERVER_OBJECT_PERMISSION_CHANGE_GROUP		•
SERVER_OPERATION_GROUP		•
SERVER_PERMISSION_CHANGE_GROUP		•
SERVER_PRINCIPAL_CHANGE_GROUP		•
SERVER_PRINCIPAL_IMPERSONATION_GROUP		•
SERVER_ROLE_MEMBER_CHANGE_GROUP		•
SERVER_STATE_CHANGE_GROUP		•
SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP	•	•	•
SUCCESSFUL_LOGIN_GROUP		•
TRACE_CHANGE_GROUP		•
USER_CHANGE_PASSWORD_GROUP	•	•	•
USER_DEFINED_AUDIT_GROUP	•	•	•

* Available on database audit specifications as of SQL Server 2012

 

Upcoming Webinars 3 Ways Two-Factor Authentication Can Stop APTs from Spreading Understanding the Security Boundaries and Risks of Multiple Domains, Forests and Trust Relationships 6 Steps to Classifying Your Data Top 6 Security Events to Monitor in SQL Server Top 10 Security Events to Monitor in SharePoint

Additional Resources Security Log Quick Reference Chart Learn about the SharePoint Audit Log Patch Tuesday Analysis

•	Server Audit Specification
•	Database Audit Specification
•	Audit Action Groups
•	Audit Actions
•	Audit Policy Wizard