The Privileged User Auditing tab of the Audited Database Properties window allows you to change the audit settings currently applied to privileged users for the selected Database. You can audit individual SQL Server logins with privileged access as well as logins that belong to specific server roles.
To successfully configure privileged user audit settings, the Management Console must have trusted access to the physical computer hosting the target SQL Server instance.
When you update audit settings to audit privileged user activities, these changes are not applied until the SQL trace is refreshed. The SQL trace is refreshed when the SQL Compliance Manager Agent sends the trace files to the Collection Server. To ensure an immediate application of your new audit settings, click Update Audit Settings Now on the Agent menu.
Available actions
Add
Allows you to select one or more privileged users to audit. You can select privileged users by login name or by membership to a fixed server role.
Remove
Allows you to remove the selected SQL Server login or fixed server role from the list of audited privileged users. When you remove the login or role, the SQL Compliance Manager Agent no longer collects events recorded for that login or the role members.
Available fields
Privileged users and roles to be audited
Lists the audited privileged users by login name or fixed server role. If you are auditing privileged users in a fixed server role, the SQL Compliance Manager Agent collects activities executed by all members of the selected role.
Audited Activity
Allows you to specify which activities (events) you want to audit for the selected privileged users. Select Audit all activities done by privileged users to include everything or select Audit selected activities done by privileged users followed by additional preferences for selective auditing. Available options include:
- Logins
- Logouts
- Failed logins
- Security changes
- Administrative actions
- Database definition (DDL)
- Database modification (DML)
- Database SELECT operations
- User defined events
- Filter events based on access check.
Capture SQL statements for DML and SELECT activity
Allows you to specify whether you want to collect SQL statements associated with audited DML and SELECT activities. To capture these statements, you must also enable DML or SELECT auditing.
Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit SQL statements.
Capture transaction status for DML activity
Allows you to specify whether you want to collect the status of all DML transactions that are executed by T-SQL scripts run on your audited database. This setting captures begin, commit, rollback, and savepoint statuses. To capture these statuses, you must enable DML auditing.
Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit transaction status, such as rollbacks.
Capture SQL statements for DDL and Security Changes
Allows you to specify whether you want to collect SQL statements associated with audited database definition (DDL) activities. To capture these statements, you must also enable DDL auditing.
Ensure the Collection Server and the target SQL Server computers have ample resources to handle the additional data collection, storage, and processing. Because this setting can significantly increase resource requirements and negatively impact performance, choose this setting only when your compliance policies require you to audit SQL statements.
Add Privileged Users window
The Add Users window is accessed by clicking Add on the Privileged User Auditing tab while viewing Registered SQL Server Properties. Use this window to include selected login accounts and roles as privileged. Added logins/roles may be removed by selecting the item in the Privileged User Auditing tab, and then click Remove.