Events
Get certified in Microsoft Fabric—for free!
19 Nov, 11 pm - 10 Dec, 11 pm
For a limited time, the Microsoft Fabric Community team is offering free DP-600 exam vouchers.
Prepare nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies to: SQL Server Azure SQL Managed Instance
Creates a database audit specification object using the SQL Server audit feature. For more information, see SQL Server Audit (Database Engine).
Transact-SQL syntax conventions
CREATE DATABASE AUDIT SPECIFICATION audit_specification_name
{
FOR SERVER AUDIT audit_name
[ ADD (
{ <audit_action_specification> | audit_action_group_name }
[ , ...n ] )
]
[ WITH ( STATE = { ON | OFF } ) ]
}
[ ; ]
<audit_action_specification>::=
{
action [ , ...n ] ON [class::]securable BY principal [ , ...n ]
}
The name of the audit specification.
The name of the audit to which this specification is applied.
The specification of actions on securables by principals that should be recorded in the audit.
The name of one or more database-level auditable actions. For a list of audit actions, see SQL Server Audit Action Groups and Actions.
The name of one or more groups of database-level auditable actions. For a list of audit action groups, see SQL Server Audit Action Groups and Actions.
The class name (if applicable) on the securable.
The table, view, or other securable object in the database on which to apply the audit action or audit action group. For more information, see Securables.
The name of database principal on which to apply the audit action or audit action group. To audit all database principals, use the public database principal. For more information, see Principals (Database Engine).
Enables or disables the audit from collecting records for this audit specification.
Database audit specifications are non-securable objects that reside in a given database. When a database audit specification is created, it's in a disabled state.
Users with the ALTER ANY DATABASE AUDIT
permission can create database audit specifications and bind them to any audit.
After a database audit specification is created, users with the CONTROL SERVER
permission, or the sysadmin
account, can view it.
The Transact-SQL code samples in this article use the AdventureWorks2022
or AdventureWorksDW2022
sample database, which you can download from the Microsoft SQL Server Samples and Community Projects home page.
The following example creates a server audit called Payroll_Security_Audit
and then a database audit specification called Payroll_Security_Audit
that audits SELECT
and INSERT
statements by any member of the public database role, for the HumanResources.EmployeePayHistory
table. Every user is audited, because every user is always member of the public role.
USE master;
GO
-- Create the server audit.
CREATE SERVER AUDIT Payroll_Security_Audit
TO FILE (FILEPATH = 'D:\SQLAudit\'); -- make sure this path exists
GO
-- Enable the server audit.
ALTER SERVER AUDIT Payroll_Security_Audit
WITH (STATE = ON);
GO
-- Move to the target database.
USE AdventureWorks2022;
GO
-- Create the database audit specification.
CREATE DATABASE AUDIT SPECIFICATION Audit_Pay_Tables
FOR SERVER AUDIT Payroll_Security_Audit ADD (
SELECT, INSERT ON HumanResources.EmployeePayHistory BY PUBLIC
)
WITH (STATE = ON);
GO
The following example creates a server audit called DataModification_Security_Audit
and then a database audit specification called Audit_Data_Modification_On_All_Sales_Tables
that audits INSERT
, UPDATE
, and DELETE
statements by users in a new database role SalesUK
, for all objects in the Sales
schema.
USE master;
GO
-- Create the server audit.
-- Change the path to a path that the SQLServer Service has access to.
CREATE SERVER AUDIT DataModification_Security_Audit
TO FILE (FILEPATH = 'D:\SQLAudit\'); -- make sure this path exists
GO
-- Enable the server audit.
ALTER SERVER AUDIT DataModification_Security_Audit
WITH (STATE = ON);
GO
-- Move to the target database.
USE AdventureWorks2022;
GO
CREATE ROLE SalesUK
GO
-- Create the database audit specification.
CREATE DATABASE AUDIT SPECIFICATION Audit_Data_Modification_On_All_Sales_Tables
FOR SERVER AUDIT DataModification_Security_Audit ADD (
INSERT, UPDATE, DELETE ON SCHEMA::Sales BY SalesUK
)
WITH (STATE = ON);
GO
Server audit specifications:
Database audit specifications:
Catalog views and DMVs:
Events
Get certified in Microsoft Fabric—for free!
19 Nov, 11 pm - 10 Dec, 11 pm
For a limited time, the Microsoft Fabric Community team is offering free DP-600 exam vouchers.
Prepare now