The values you can specify for the login_name and object_name parameters to sp_audit depend on the type of auditing option you specify:
Global options apply to commands that affect the entire server, such as booting the server, disk commands, and allowing ad hoc, user-defined audit records. Option settings for global events are stored in the sybsecurity..sysauditoptions system table.
Database-specific options apply to a database. Examples include altering a database, bulk copy (bcp in) of data into a database, granting or revoking access to objects in a database, and creating objects in a database. Option settings for database-specific events are stored in the master..sysdatabases system table.
Object-specific options apply to a specific object. Examples include selecting, inserting, updating, or deleting rows of a particular table or view and the execution of a particular trigger or procedure. Option settings for object-specific events are stored in the sysobjects system table in the relevant database.
User-specific options apply to a specific user or system role. Examples include accesses by a particular user to any table or view or all actions performed when a particular system role, such as sa_role, is active. Option settings for individual users are stored in master..syslogins. The settings for system roles are stored in master..sysauditoptions.
Table 12-3 shows:
Valid values for the option and the type of each option – global, database-specific, object-specific, or user-specific
Valid values for the login_name and object_name parameters for each option
The database to be in when you set the auditing option
The command or access that is audited when you set the option
An example for each option
The default value of all options is off.
Option (option type) |
login_name |
object_name |
Database to be in to set the option |
Command or access being audited |
---|---|---|---|---|
adhoc (user-specific) |
all |
all |
Any |
Allows users to use sp_addauditrecord |
Example: (Enables ad hoc user-defined auditing records.) |
||||
all (user-specific) |
A login name or role |
all |
Any |
All actions of a particular user or by users with a particular role active |
Example (Turns auditing on for all actions in which the sa_role is active.) |
||||
alter (database-specific) |
all |
Database to be audited |
Any |
alter database, alter table |
Example (Turns auditing on for all executions of alter database and alter table in the master database.) |
||||
bcp (database-specific) |
all |
Database to be audited |
Any |
bcp in |
Example (Returns the status of bcp auditing in the pubs2 database. If you do not specify a value for setting, Adaptive Server returns the status of auditing for the option you specify) |
||||
bind (database-specific) |
all |
Database to be audited |
Any |
sp_bindefault, sp_bindmsg, sp_bindrule |
Example (Turns bind auditing off for the planning database.) |
||||
cmdtext (user-specific) |
A login name or a role |
all |
Any |
All actions of a particular user.(Does not reflect whether or not the text in question passed permission checks or not. eventmod always has a value of 1.) |
Example (Turns text auditing off for Database Owners.) |
||||
create (database-specific) |
all |
Database to be audited |
Any |
create database, create table, create procedure, create trigger, create rule, create default, sp_addmessage, create view |
Specify master for object_name if you want to audit create database. You will also be auditing the creation of other objects in master. Example (Turns on auditing of successful object creations in the planning database. The current status of auditing create database is not affected because you did not specify the master database.) |
||||
dbaccess (database-specific) |
all |
Database to be audited |
Any |
Any access to the database from another database |
Example (Audits all external accesses to the project database.) |
||||
dbcc (global) |
all |
all |
Any |
dbcc |
Example (Audits all executions of the dbcc command.) |
||||
delete (object-specific) |
all |
Table or view, default table, or default view |
The database of the table or view (except tempdb) |
delete from a table, delete from a view |
Example (Audits all delete actions for all future tables in the current database.) |
||||
disk (global) |
all |
all |
Any |
disk init, disk refit, disk reinit, disk mirror, disk unmirror, disk remirror |
Example (Audits all disk actions for the server.) |
||||
drop (database-specific) |
all |
Database to be audited |
Any |
drop database, drop table, drop procedure, drop trigger, drop rule, drop default, sp_dropmessage, drop view |
Example (Audits all drop commands in the financial database that fail permission checks.) |
||||
dump (database-specific) |
all |
Database to be audited |
Any |
dump database, dump transaction |
Example (Audits dump commands in the pubs2 database.) |
||||
errors (global) |
all |
all |
Any |
Fatal error, non-fatal error |
Example (Audits errors throughout the server.) |
||||
exec_procedure (object-specific) |
all |
Procedure or default procedure |
The database of the procedure (except tempdb) |
execute |
Example (Turns automatic auditing off of new procedures in the current database.) |
||||
exec_trigger (object-specific) |
all |
Trigger or default trigger |
The database of the trigger (except tempdb) |
Any command that fires the trigger |
Example (Audits all failed executions of the trig_fix_plan trigger in the current database.) |
||||
func_dbaccess (database-specific) |
all |
Database |
Any |
Access to the database via Transact-SQL built-in functions |
Example (Audits accesses to the strategy database via built-in functions.) |
||||
func_obj_access (object-specific) |
all |
Object |
Any |
Access to an object via Transact-SQL built-in functions |
Example (Audits accesses to the customer table via built-in functions.) |
||||
grant (database-specific) |
all |
Database to be audited |
Any |
grant |
Example (Audits all grants in the planning database.) |
||||
insert (object-specific) |
all |
Table or view, default table, or default view |
The database of the object (except tempdb) |
insert into a table, insert into a view |
Example (Audits all inserts into the dpt_101_view view in the current database.) |
||||
load (database-specific) |
all |
Database to be audited |
Any |
load database, load transaction |
Example (Audits all failed executions of database and transaction loads in the projects_db database.) |
||||
login (global) |
all |
all |
Any |
Any login to Adaptive Server |
Example (Audits all failed attempts to log in to the server.) |
||||
logout (global) |
all |
all |
Any |
Any logout from Adaptive Server |
Example (Turns auditing off of logouts from the server.) |
||||
reference (object-specific) |
all |
Table to be audited |
Any |
Creation of a reference between tables |
Example (Turns off auditing of the creation of references between the titles table and other tables.) |
||||
revoke (database-specific) |
all |
Database to be audited |
Any |
revoke |
Example (Turns off auditing of the execution of revoke in the payments_db database.) |
||||
rpc (global) |
all |
all |
Any |
Remote procedure calls (either in or out) |
Example (Audits all remote procedure calls out of or into the server.) |
||||
security (global) |
all |
all |
Any |
Server-wide security-relevant events. See the “security” option in Table 12-3. |
Example (Audits server-wide security-relevant events in the server.) |
||||
select (object-specific) |
all |
Table or view, default table, or default view |
The database of the object (except tempdb) |
select from a table, select from a view |
Example (Audits all failed selects from the customer table in the current database.) |
||||
setuser (database-specific) |
all |
all |
Any |
setuser |
Example (Audits all executions of setuser in the projdb database.) |
||||
table_access (user-specific) |
Login name |
all |
Any |
select, delete, update, or insert access in a table |
Example (Audits all table accesses by the login named “smithson”.) |
||||
truncate (database-specific) |
all |
Database to be audited |
Any |
truncate table |
Example (Audits all table truncations in the customer database.) |
||||
unbind (database-specific) |
all |
Database to be audited |
Any |
sp_unbindefault, sp_unbindrule, sp_unbindmsg |
Example (Audits all failed attempts of unbinding in the master database.) |
||||
update (object-specific) |
all |
View, default table, or default view |
The database of the object (except tempdb) |
update to a table, update to a view |
Example (Audits all attempts by users to update the projects table in the current database.) |
||||
view_access (user-specific) |
Login name |
all |
Any |
select, delete, insert, or update to a view |
Example (Turns off view auditing of user “joe”.) |