Skip to content

Latest commit

 

History

History
61 lines (52 loc) · 5.73 KB

audit-addlogin-event-class.md

File metadata and controls

61 lines (52 loc) · 5.73 KB
title description author ms.author ms.date ms.service ms.subservice ms.topic helpviewer_keywords monikerRange
Audit Addlogin Event Class
Audit Addlogin Event Class
WilliamDAssafMSFT
wiassaf
03/14/2017
sql
supportability
reference
Audit Addlogin event class
=azuresqldb-current||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current

Audit Addlogin Event Class

[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance]

The Audit Addlogin event class occurs when a [!INCLUDEmsCoName] [!INCLUDEssNoVersion] login is added or removed.

If you set additional properties when the login is added, such as default database, the information about these properties will be found in the TextData column of this event. If you set these properties while adding a login, the Audit Login Change Property Event will not occur.

This audit event is for the sp_addlogin and sp_droplogin stored procedures.

This event class may be removed in a future version of [!INCLUDEssNoVersion]. It is recommended that you use the Audit Server Principal Management event class instead.

Audit Addlogin Event Class Data Columns

Data column name Data type Description Column ID Filterable
ApplicationName nvarchar Name of the client application that created the connection to an instance of [!INCLUDEssNoVersion]. This column is populated with the values passed by the application rather than the displayed name of the program. 10 Yes
ClientProcessID int ID assigned by the host computer to the process where the client application is running. This data column is populated if the client provides the client process ID. 9 Yes
DatabaseID int ID of the database specified by the USE database statement or the default database if no USE database statement has been issued for a given instance. [!INCLUDEssSqlProfiler] displays the name of the database if the ServerName data column is captured in the trace and the server is available. Determine the value for a database by using the DB_ID function. 3 Yes
DatabaseName nvarchar Name of the database in which the user statement is running. 35 Yes
EventClass int Type of event = 104. 27 No
EventSequence int Sequence of a given event within the request. 51 No
EventSubClass int Type of event subclass.

1=Add

2=Drop
21 Yes
HostName nvarchar Name of the computer on which the client is running. This data column is populated if the client provides the host name. To determine the host name, use the HOST_NAME function. 8 Yes
IsSystem int Indicates whether the event occurred on a system process or a user process. 1 = system, 0 = user. 60 Yes
LoginName nvarchar Name of the login of the user (either the [!INCLUDEssNoVersion] security login or the [!INCLUDEmsCoName] Windows login credentials in the form of DOMAIN\username). 11 Yes
LoginSid image Security identification number (SID) of the logged-in user. You can find this information in the sys.server_principals catalog view. Each SID is unique for each login in the server. 41 Yes
NTDomainName nvarchar Windows domain to which the user belongs. 7 Yes
NTUserName nvarchar Windows user name. 6 Yes
RequestID int ID of the request containing the statement. 49 Yes
ServerName nvarchar Name of the instance of [!INCLUDEssNoVersion] being traced. 26 No
SessionLoginName Nvarchar Login name of the user who originated the session. For example, if you connect to [!INCLUDEssNoVersion] using Login1 and execute a statement as Login2, SessionLoginName shows Login1 and LoginName shows Login2. This column displays both [!INCLUDEssNoVersion] and Windows logins. 64 Yes
SPID int ID of the session on which the event occurred. 12 Yes
StartTime datetime Time at which the event started, if available. 14 Yes
Success int 1 = success. 0 = failure. For example, a value of 1 indicates success of a permissions check and a value of 0 indicates a failure of that check. 23 Yes
TargetLoginName nvarchar The name of the login to be added or dropped. 42 Yes
TargetLoginSid image The security identification number (SID) of the targeted login (if passed in as a parameter). 43 Yes
TransactionID bigint System-assigned ID of the transaction. 4 Yes
XactSequence bigint Token used to describe the current transaction. 50 Yes

See Also

Extended Events
sp_trace_setevent (Transact-SQL)
Audit Login Change Property Event Class
sp_addlogin (Transact-SQL)
sp_droplogin (Transact-SQL)
Audit Server Principal Management Event Class