Page tree

You can specify which SQL events you want to audit at the database level. IDERA SQL Compliance Manager applies these settings to the audited database on the registered SQL Server instance.

You can configure database audit settings when you add a new database or later as your auditing needs change. For more information about individual SQL events, see Microsoft SQL Server Books Online.

SQL Compliance Manager audits the following SQL events at the database level.

Event classSQL Server versionDescription
Audit Add DB UserSQL Server 2000 onlyRecords when a database user is added or dropped from the audited database. In SQL Server 2005 and later, this event class is Audit Database Principal Management
Audit Add Member to DB RoleSQL Server 2000 and laterRecords when users are added to or removed from a database role
Audit Add RoleSQL Server 2000 onlyRecords when a database role is added to or removed from the audited database. In SQL Server 2005 and later, this event class is Audit Database Principal Management
Audit App Role Change PasswordSQL Server 2000 and laterRecords all application password changes
Audit Backup/RestoreSQL Server 2000 and laterRecords BACKUP and RESTORE operations, including backups and restores performed through SQLsafe
Audit DBCCSQL Server 2000 and laterRecords all DBCC commands executed on the audited database
Audit Database Object AccessSQL Server 2005 and laterRecords when an operation, login, or application accesses a database object
Audit Database Object GDRSQL Server 2005 and laterRecords all GRANT, REVOKE, or DENY actions on permissions for executing T-SQL statements on the audited database object
Audit Database Object ManagementSQL Server 2005 and laterRecords all DROP, ALTER, and CREATE operations on database objects
In SQL Server 2000, this event class is Audit Object Derived Permission
Audit Database Object Take OwnershipSQL Server 2005 and laterRecords when ownership of an audited database object changes
Audit Database OperationSQL Server 2005 and laterRecords all operations executed on an audited database
Audit Database Principal ManagementSQL Server 2005 and laterRecords all DROP, ALTER, and CREATE operations on database principals
Audit Database Scope GDRSQL Server 2005 and laterRecords all GRANT, REVOKE, or DENY actions on permissions for executing T-SQL statements on the audited database
In SQL Server 2000, this event class is Audit Statement GDR
Audit Object Derived PermissionSQL Server 2000 onlyRecords ALTER, CREATE, and DROP commands executed on a database object, such as CREATE TABLE or ALTER TABLE
In SQL Server 2005 and later, this event class is Audit Database Object Management and Audit Schema Object Management
Audit Object GDRSQL Server 2000 onlyRecords all GRANT, REVOKE, or DENY actions on user permissions for a database object
In SQL Server 2005 and later, this event class is Audit Schema Object GDR
Audit Object PermissionSQL Server 2000 onlyRecords whether a user is authorized to execute the following commands on a database object:
  • SELECT ALL
  • UPDATE ALL
  • REFERENCE ALL
  • INSERT
  • DELETE
  • EXECUTE (stored procedures only)
    In SQL Server 2005 and later, this event class is Audit Schema Object Access
Audit Schema Object AccessSQL Server 2005 and laterRecords whether a user is authorized to execute the following commands on a schema object:
  • SELECT ALL
  • UPDATE ALL
  • REFERENCE ALL
  • INSERT
  • DELETE
  • EXECUTE (stored procedures only)
    In SQL Server 2000, this event class is Audit Object Permission
Audit Schema Object GDRSQL Server 2005 and laterRecords all GRANT, REVOKE, or DENY actions on user permissions for a schema object
In SQL Server 2000, this event class is Audit Object GDR
Audit Schema Object ManagementSQL Server 2005 and laterRecords ALTER, CREATE, and DROP commands executed on a server object
In SQL Server 2000, this event class is Audit Object Derived Permission and Audit Statement Permission
Audit Schema Object Take OwnershipSQL Server 2005 and laterRecords when the ALTER AUTHORIZATION statement is used to change ownership of a schema object
Audit Statement GDRSQL Server 2000 onlyRecords all GRANT, REVOKE, or DENY actions on permissions for executing T-SQL statements on the audited database
In SQL Server 2005 and later, this event class is Audit Database Scope GDR
Audit Statement PermissionSQL Server 2000 onlyRecords when a user is authorized to execute a T-SQL statement on the audited database
In SQL Server 2005 and later, this event class is Audit Schema Object Management
SQL TransactionSQL Server 2000 and laterRecords the status of explicit and implicit DML transactions executed in T-SQL scripts, including:
  • Begin
  • Commit
  • Rollback
  • Savepoint



IDERA |  Products | Purchase | Support |  Community | Resources |  About Us | Legal