ALTER SERVER AUDIT SPECIFICATION (Transact-SQL)

Syntax

ALTER SERVER AUDIT SPECIFICATION audit_specification_name
{
    [ FOR SERVER AUDIT audit_name ]
    [ { { ADD | DROP } ( audit_action_group_name)
      } [, ...n] ]
    [ WITH ( STATE = { ON | OFF } ) ]
}
[ ; ]

Arguments

• audit_specification_name
  The name of the audit specification.

• audit_name
  The name of the audit to which this specification is applied.

• audit_action_group_name
  Name of a group of server-level auditable actions. For a list of Audit Action Groups, see SQL Server Audit Action Groups and Actions.

• WITH ( STATE = { ON | OFF } )
  Enables or disables the audit from collecting records for this audit specification.

Remarks

You must set the state of an audit specification to the OFF option to make changes to an audit specification. If ALTER SERVER AUDIT SPECIFICATION is executed when an audit specification is enabled with any options other than STATE=OFF, you will receive an error message.

Permissions

Users with the ALTER ANY SERVER AUDIT permission can alter server audit specifications and bind them to any audit.

After a server audit specification is created, it can be viewed by principals with the CONTROL SERVER, or ALTER ANY SERVER AUDIT permissions, the sysadmin account, or principals having explicit access to the audit.

Examples

The following example creates a server audit specification called HIPPA_Audit_Specification. It drops the audit action group for failed logins, and adds an audit action group for Database Object Access for a SQL Server audit called HIPPA_Audit.

ALTER SERVER AUDIT SPECIFICATION HIPPA_Audit_Specification
FOR SERVER AUDIT HIPPA_Audit
    DROP (FAILED_LOGIN_GROUP)
    ADD (DATABASE_OBJECT_ACCESS_GROUP);
GO

For a full example about how to create an audit, see Understanding SQL Server Audit.

See Also

Reference

Concepts

Change History