Administering SQL Server
Security Audit Event Classes
The following table describes the Security Audit event classes in the Security Audit event category.
| Event class | Description |
|---|---|
| Audit Add DB User Event | Records the addition and removal of database users (Microsoft Windows NT® 4.0, Microsoft Windows® 2000, or Microsoft SQL Server™). |
| Audit Add Login to Server Role Event | Records the addition or removal of logins to and from a fixed server role for sp_addsrvrolemember and sp_dropsrvrolemember. |
| Audit Add Member to DB Role Event | Records the addition and removal of members to and from a database role (fixed or user-defined) for sp_addrolemember, sp_droprolemember, and sp_changegroup. |
| Audit Add Role Event | Records add or drop actions on database roles for sp_addrole and sp_droprole. |
| Audit Addlogin Event | Records add and drop actions on SQL Server logins for sp_addlogin and sp_droplogin. |
| Audit App Role Change Password Event | Records changes to the password of an application. |
| Audit Backup/Restore Event | Records BACKUP and RESTORE events. |
| Audit Change Audit Event | Records AUDIT modifications. |
| Audit DBCC Event | Records DBCC commands that have been issued. |
| Audit Login Event | Collects all new connection events since the trace was started (for example, a client requesting a connection to a server running an instance of SQL Server). |
| Audit Login Change Password Event | Records SQL Server login password changes. Passwords are not recorded.
If you are a member of the sysadmin or securityadmin fixed server role and you reset your own password by using sp_password with all three arguments specified ('old_password', 'new_password', 'login'), the audit record will reflect that you are changing someone else's password. |
| Audit Login Change Property Event | Records modifications on login property, except passwords for sp_defaultdb and sp_defaultlanguage. |
| Audit Login Failed Event | Indicates that a login attempt to an instance of SQL Server from a client has failed. |
| Audit Login GDR Event | Records grant, revoke, and deny actions on Windows NT 4.0 or Windows 2000 account login rights for sp_grantlogin, sp_revokelogin, and sp_denylogin. |
| Audit Logout Event | Collects all new disconnect events since the trace was started, such as when a client issues a disconnect command. |
| Audit Object Derived Permission Event | Records when a CREATE, ALTER, or DROP command is issued for the specified object. |
| Audit Object GDR Event | Records permissions events for GRANT, DENY, REVOKE objects. |
| Audit Object Permission Event | Records the successful or unsuccessful use of object permissions. |
| Audit Server Starts and Stops Event | Records shut down, start, and pause activities for services. |
| Audit Statement GDR Event | Records permission events for GRANT, DENY, REVOKE statements. |
| Audit Statement Permission Event | Records the use of statement permissions. |