create a server audit and database audit specification

7/30/2019 Create a Server Audit and Database Audit Specification

1/5

Create a Server Auditand Database AuditSpecification

This topic describes how to create a server audit and database audit

specification in SQL Server 2012 by using SQL Server Management

Studio or Transact-SQL.

Auditing an instance of SQL Server or a SQL Server database

involves tracking and logging events that occur on the system. The

SQL Server Auditobject collects a single instance of server- or

database-level actions and groups of actions to monitor. The audit

is at the SQL Server instance level. You can have multiple audits per

SQL Server instance. The Database-Level Audit Specification object

belongs to an audit. You can create one database audit specification

per SQL Server database per audit. For more information, see SQL

Server Audit (Database Engine).

In This Topic

Before you begin:

Limitations and Restrictions

Security

To create a server audit and database audit

specification, using:

SQL Server Management Studio

Transact-SQL

Before You Begin

Limitations and Restrictions

Database audit specifications are non-securable objects that

reside in a given database. When a database audit specification is

created, it is in a disabled state.

When you are creating or modifying a database audit

specification in a user database, do not include audit actions on

SQL Server 2012 2 out of 5 rated this helpful

e a Server Audit and Database Audit Specification http://msdn.microsoft.com/en-us/library/cc280

5 14-Apr-2013


2/5

server-scope objects, such as the system views. If server-scoped

objects are included, the audit will be created. However, the

server-scoped objects will not be included, and no error will be

returned. To audit server-scope objects, use a database audit

specification in the master database.

Database audit specifications reside in the database where they

are created, with the exception of the tempdb system database.

Security

Permissions

Users with the ALTER ANY DATABASE AUDIT permission

can create database audit specifications and bind them to

any audit.

After a database audit specification is created, it can be

viewed by principals with the CONTROL SERVER, ALTER

ANY DATABASE AUDIT permissions, or the sysadmin

account.

[Top]

Using SQL Server Management

Studio

To create a server audit

In Object Explorer, expand the Security folder.1.

Right-click the Audits folder and select New Audit. For

more information, see Create a Server Audit and Server

Audit Specification.

2.

When you are finished selecting options, click OK.3.

To create a database-level audit specification

In Object Explorer, expand the database where you want

to create an audit specification.

1.

Expand the Security folder.2.

Right-click the Database Audit Specifications folder and

select New Database Audit Specification.

The following options are available on the Create

3.


5 14-Apr-2013


3/5

Database Audit Specification dialog box.

Name

The name of the database audit specification. This is

generated automatically when you create a new

server audit specification but is editable.

Audit

The name of an existing database audit. Either type

in the name of the audit or select it from the list.

Audit Action Type

Specifies the database-level audit action groups

and audit actions to capture. For the list of

database-level audit action groups and audit

actions and a description of the events they

contain, see SQL Server Audit Action Groups and

Actions.

Object Schema

Displays the schema for the specified ObjectName.

Object Name

The name of the object to audit. This is only

available for audit actions; it does not apply to

audit groups.

Ellipsis ()

Opens the Select Objects dialog to browse for and

select an available object, based on the specified

Audit Action Type.

Principal Name

The account to filter the audit by for the object

being audited.

Ellipsis ()

Opens the Select Objects dialog to browse for and

select an available object, based on the specified

Object Name.

When you are finished selecting option, click OK.4.

[Top]

Using Transact-SQL

To create a server audit

In Object Explorer, connect to an instance of Database1.


5 14-Apr-2013


4/5

Engine.

On the Standard bar, click New Query.2.

Copy and paste the following example into the query

window and click Execute.

3.

To create a database-level audit specification

In Object Explorer, connect to an instance of Database

Engine.

1.

On the Standard bar, click New Query.2.

Copy and paste the following example into the query

window and click Execute. The example creates a database

audit specification called Audit_Pay_Tables that audits

SELECT and INSERT statements by the dbo user, for the

HumanResources.EmployeePayHistory table based on

the server audit defined above.

3.

For more information, see CREATE SERVER AUDIT (Transact-SQL)

and CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL).

[Top]

USE master ;

GO

-- Create the server audit.

CREATE SERVER AUDIT Payrole_Security_Aud

TO FILE ( FILEPATH =

'C:\Program Files\Microsoft SQL Server\M

GO

-- Enable the server audit.

ALTER SERVER AUDIT Payrole_Security_Audi

WITH (STATE = ON) ;

USE AdventureWorks2012 ;

GO

-- Create the database audit specificati

CREATE DATABASE AUDIT SPECIFICATION Audi

FOR SERVER AUDIT Payrole_Security_Audit

ADD (SELECT , INSERT

ON HumanResources.EmployeePayHistorWITH (STATE = ON) ;

GO


5 14-Apr-2013

create a server audit and database audit specification

Documents