Create a Server Audit and Database Audit Specification
This topic describes how to create a server audit and database audit specification in SQL Server 2014 by using SQL Server Management Studio or Transact-SQL.
Auditing an instance of SQL Server or a SQL Server database involves tracking and logging events that occur on the system. The SQL Server Audit object collects a single instance of server- or database-level actions and groups of actions to monitor. The audit is at the SQL Server instance level. You can have multiple audits per SQL Server instance. The Database-Level Audit Specification object belongs to an audit. You can create one database audit specification per SQL Server database per audit. For more information, see SQL Server Audit (Database Engine).
In This Topic
Before you begin:
To create a server audit and database audit specification, using:
Before You Begin
Limitations and Restrictions
Database audit specifications are non-securable objects that reside in a given database. When a database audit specification is created, it is in a disabled state.
When you are creating or modifying a database audit specification in a user database, do not include audit actions on server-scope objects, such as the system views. If server-scoped objects are included, the audit will be created. However, the server-scoped objects will not be included, and no error will be returned. To audit server-scope objects, use a database audit specification in the master database.
Database audit specifications reside in the database where they are created, with the exception of the tempdb
system database.
Security
Permissions
Users with the ALTER ANY DATABASE AUDIT permission can create database audit specifications and bind them to any audit.
After a database audit specification is created, it can be viewed by principals with the CONTROL SERVER, ALTER ANY DATABASE AUDIT permissions, or the sysadmin account.
Using SQL Server Management Studio
To create a server audit
In Object Explorer, expand the Security folder.
Right-click the Audits folder and select New Audit.... For more information, see Create a Server Audit and Server Audit Specification.
When you are finished selecting options, click OK.
To create a database-level audit specification
In Object Explorer, expand the database where you want to create an audit specification.
Expand the Security folder.
Right-click the Database Audit Specifications folder and select New Database Audit Specification....
The following options are available on the Create Database Audit Specification dialog box.
Name
The name of the database audit specification. This is generated automatically when you create a new server audit specification but is editable.Audit
The name of an existing database audit. Either type in the name of the audit or select it from the list.Audit Action Type
Specifies the database-level audit action groups and audit actions to capture. For the list of database-level audit action groups and audit actions and a description of the events they contain, see SQL Server Audit Action Groups and Actions.Object Schema
Displays the schema for the specified Object Name.Object Name
The name of the object to audit. This is only available for audit actions; it does not apply to audit groups.Ellipsis (...)
Opens the Select Objects dialog to browse for and select an available object, based on the specified Audit Action Type.Principal Name
The account to filter the audit by for the object being audited.Ellipsis (...)
Opens the Select Objects dialog to browse for and select an available object, based on the specified Object Name.When you are finished selecting option, click OK.
Using Transact-SQL
To create a server audit
In Object Explorer, connect to an instance of Database Engine.
On the Standard bar, click New Query.
Copy and paste the following example into the query window and click Execute.
USE master ; GO -- Create the server audit. CREATE SERVER AUDIT Payrole_Security_Audit TO FILE ( FILEPATH = 'C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\DATA' ) ; GO -- Enable the server audit. ALTER SERVER AUDIT Payrole_Security_Audit WITH (STATE = ON) ;
To create a database-level audit specification
In Object Explorer, connect to an instance of Database Engine.
On the Standard bar, click New Query.
Copy and paste the following example into the query window and click Execute. The example creates a database audit specification called
Audit_Pay_Tables
that audits SELECT and INSERT statements by thedbo
user, for theHumanResources.EmployeePayHistory
table based on the server audit defined above.USE AdventureWorks2012 ; GO -- Create the database audit specification. CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables FOR SERVER AUDIT Payrole_Security_Audit ADD (SELECT , INSERT ON HumanResources.EmployeePayHistory BY dbo ) WITH (STATE = ON) ; GO
For more information, see CREATE SERVER AUDIT (Transact-SQL) and CREATE DATABASE AUDIT SPECIFICATION (Transact-SQL).