| title | description | author | ms.author | ms.date | ms.service | ms.subservice | ms.topic | helpviewer_keywords | monikerRange | |||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
Security Audit Event Category - Profiler |
Security Audit Event Category (SQL Server Profiler) |
WilliamDAssafMSFT |
wiassaf |
06/03/2020 |
sql |
supportability |
reference |
|
=azuresqldb-current||>=sql-server-2016||>=sql-server-linux-2017||=azuresqldb-mi-current |
[!INCLUDE SQL Server Azure SQL Database Azure SQL Managed Instance] The Security Audit event category contains security audit events.
| Topic | Description |
|---|---|
| Audit Add DB User Event Class | Indicates that a login has been added or removed as a database user to a database. |
| Audit Add Login to Server Role Event Class | Indicates that a login was added or removed from a fixed server role. |
| Audit Add Member to DB Role Event Class | Indicates that a login has been added to or removed from a role. |
| Audit Add Role Event Class | Indicates that a database role was added to or removed from a database. |
| Audit Addlogin Event Class | Indicates that a login has been added or removed. |
| Audit App Role Change Password Event Class | Indicates that a password has been changed for an application role. |
| Audit Backup and Restore Event Class | Indicates that a backup or restore statement has been issued. |
| Audit Broker Conversation Event Class | Reports audit messages related to Service Broker dialog security. |
| Audit Broker Login Event Class | Reports audit messages related to Service Broker transport security. |
| Audit Change Audit Event Class | Indicates that an audit trace modification has been made. |
| Audit Change Database Owner Event Class | Indicates that the permissions to change the owner of a database have been checked. |
| Audit Database Management Event Class | Indicates that a database has been created, altered, or dropped. |
| Audit Database Mirroring Login Event Class | Reports audit messages related to database mirroring transport security. |
| Audit Database Object Access Event Class | Indicates that a database object, such as a schema, has been accessed. |
| Audit Database Object GDR Event Class | Indicates that a GDR event for a database object has occurred. |
| Audit Database Object Management Event Class | Indicates that a CREATE, ALTER, or DROP statement was executed on a database object. |
| Audit Database Object Take Ownership Event Class | Indicates that there has been a change of owner for objects in database scope. |
| Audit Database Operation Event Class | Indicates that various operations such as checkpoint or subscribe query notification have occurred. |
| Audit Database Principal Impersonation Event Class | Indicates that an impersonation has occurred within the database scope. |
| Audit Database Principal Management Event Class | Indicates that principals have been created, altered, or dropped from a database. |
| Audit Database Scope GDR Event Class | Indicates that a GRANT, REVOKE, or DENY has been issued for a statement permission by a user in [!INCLUDEmsCoName] [!INCLUDEssNoVersion]. |
| Audit DBCC Event Class | Indicates that a DBCC command has been issued. |
| Audit Fulltext Event Class | Indicates that a full-text event has occurred. |
| Audit Login Change Password Event Class | Indicates that a user has changed their [!INCLUDEssNoVersion] login password. |
| Audit Login Change Property Event Class | Indicates that sp_defaultdb, sp_defaultlanguage, or ALTER LOGIN was used to modify a property of a login. |
| Audit Login Event Class | Indicates that a user has successfully logged into [!INCLUDEssNoVersion]. |
| Audit Login Failed Event Class | Indicates that a user attempted to log in to [!INCLUDEssNoVersion] and failed. |
| Audit Login GDR Event Class | Indicates that a [!INCLUDEmsCoName] Windows login right was added or removed. |
| Audit Logout Event Class | Indicates that a user has logged out of [!INCLUDEssNoVersion]. |
| Audit Object Derived Permission Event Class | Indicates that a CREATE, ALTER, or DROP was issued for an object. |
| Audit Schema Object Access Event Class | Indicates that an object permission (such as SELECT) has been used. |
| Audit Schema Object GDR Event Class | Indicates that a GRANT, REVOKE, or DENY was issued for a schema object permission by a user in [!INCLUDEssNoVersion]. |
| Audit Schema Object Management Event Class | Indicates that a server object has been created, altered, or dropped. |
| Audit Schema Object Take Ownership Event Class | Indicates that the permissions to change the owner of schema object have been checked. |
| Audit Server Alter Trace Event Class | Indicates that the ALTER TRACE permission has been checked. |
| Audit Server Object GDR Event Class | Indicates that a GDR event for a schema object has occurred. |
| Audit Server Object Management Event Class | Indicates that a CREATE, ALTER, or DROP event has occurred for a server object. |
| Audit Server Object Take Ownership Event Class | Indicates that a server object owner has changed. |
| Audit Server Operation Event Class | Indicates that Audit operations have occurred in the server. |
| Audit Server Principal Impersonation Event Class | Indicates that an impersonation has occurred within the server scope. |
| Audit Server Principal Management Event Class | Indicates that a CREATE, ALTER, or DROP has occurred for a server principal. |
| Audit Server Scope GDR Event Class | Indicates that a GDR event has occurred for server permissions. |
| Audit Server Starts and Stops Event Class | Indicates that the [!INCLUDEssNoVersion] service state has been modified. |
| Audit Statement Permission Event Class | Indicates that a statement permission has been used. |