Auditing options: Types and requirements

The values you can specify for the login_name and object_name parameters to sp_audit depend on the type of auditing option you specify:

Global options apply to commands that affect the entire server, such as booting the server, disk commands, and allowing ad hoc, user-defined audit records. Option settings for global events are stored in the sybsecurity..sysauditoptions system table.
Database-specific options apply to a database. Examples include altering a database, bulk copy (bcp in) of data into a database, granting or revoking access to objects in a database, and creating objects in a database. Option settings for database-specific events are stored in the master..sysdatabases system table.
Object-specific options apply to a specific object. Examples include selecting, inserting, updating, or deleting rows of a particular table or view and the execution of a particular trigger or procedure. Option settings for object-specific events are stored in the sysobjects system table in the relevant database.
User-specific options apply to a specific user or system role. Examples include accesses by a particular user to any table or view or all actions performed when a particular system role, such as sa_role, is active. Option settings for individual users are stored in master..syslogins. The settings for system roles are stored in master..sysauditoptions.

Table 11-3 shows:

Valid values for the option and the type of each option – global, database-specific, object-specific, or user-specific
Valid values for the login_name and object_name parameters for each option
The database to be in when you set the auditing option
The command or access that is audited when you set the option
An example for each option

The default value of all options is off.

**Table 11-3: Auditing options, requirements, and examples**
Option (option type)	login_name	object_name	Database to be in to set the option	Command or access being audited
adhoc (user-specific)	all	all	Any	Allows users to use sp_addauditrecord
adhoc (user-specific)	Example: `sp_audit "adhoc", "all", "all", "on"` (Enables ad hoc user-defined auditing records.)
all (user-specific)	A login name or role	all	Any	All actions of a particular user or by users with a particular role active
all (user-specific)	Example `sp_audit "all", "sa_role", "all", "on"` (Turns auditing on for all actions in which the sa_role is active.)
alter (database-specific)	all	Database to be audited	Any	alter database, alter table
alter (database-specific)	Example `sp_audit @option = "alter", @login_name = "all", @object_name = "master", @setting = "on"` (Turns auditing on for all executions of alter database and alter table in the master database.)
bcp (database-specific)	all	Database to be audited	Any	bcp in
bcp (database-specific)	Example `sp_audit "bcp", "all", "pubs2"` (Returns the status of bcp auditing in the pubs2 database. If you do not specify a value for setting, Adaptive Server returns the status of auditing for the option you specify)
bind (database-specific)	all	Database to be audited	Any	sp_bindefault, sp_bindmsg, sp_bindrule
bind (database-specific)	Example `sp_audit "bind", "all", "planning", "off"` (Turns bind auditing off for the planning database.)
cmdtext (user-specific)	A login name, role, or “all” for all users in the database	all	Any	SQL text entered by a user.(Does not reflect whether or not the text in question passed permission checks or not. eventmod always has a value of 1.)
cmdtext (user-specific)	Example `sp_audit "cmdtext", "sa", "all", "off"` (Turns text auditing off for Database Owners.)
create (database-specific)	all	Database to be audited	Any	create database, create table, create procedure, create trigger, create rule, create default, sp_addmessage, create view, create index, create function
create (database-specific)	Specify master for object_name if you want to audit create database. You will also be auditing the creation of other objects in master. Example `sp_audit "create", "all", "planning", "pass"` (Turns on auditing of successful object creations in the planning database. The current status of auditing create database is not affected because you did not specify the master database.)
dbaccess (database-specific)	all	Database to be audited	Any	Any access to the database from another database
dbaccess (database-specific)	Example `sp_audit "dbaccess", "all", "project", "on"` (Audits all external accesses to the project database.)
dbcc (global)	all	all	Any	All dbcc commands that require permissions
dbcc (global)	Example `sp_audit "dbcc", "all", "all", "on"` (Audits all executions of the dbcc command.)
delete (object-specific)	all	Name of the table or view to be audited, or default view or default table	The database of the table or view (except tempdb)	delete from a table, delete from a view
delete (object-specific)	Example `sp_audit "delete", "all", "default table", "on"` (Audits all delete actions for all future tables in the current database.)
disk (global)	all	all	Any	disk init, disk refit, disk reinit, disk mirror, disk unmirror, disk remirror, disk resize
disk (global)	Example `sp_audit "disk", "all", "all", "on"` (Audits all disk actions for the server.)
drop (database-specific)	all	Database to be audited	Any	drop database, drop table, drop procedure, drop index, drop trigger, drop rule, drop default, sp_dropmessage, drop view, drop function
drop (database-specific)	Example `sp_audit "drop", "all", "financial", "fail"` (Audits all drop commands in the financial database that fail permission checks.)
dump (database-specific)	all	Database to be audited	Any	dump database, dump transaction
dump (database-specific)	Example `sp_audit "dump", "all", "pubs2", "on"` (Audits dump commands in the pubs2 database.)
errors (global)	all	all	Any	Fatal error, non-fatal error
errors (global)	Example `sp_audit "errors", "all", "all", "on"` (Audits errors throughout the server.)
exec_procedure (object-specific)	all	Name of the procedure to be audited or default procedure	The database of the procedure (except tempdb)	execute
exec_procedure (object-specific)	Example `sp_audit "exec_procedure", "all", "default procedure", "off"` (Turns automatic auditing off for new procedures in the current database.)
exec_trigger (object-specific)	all	Name of the trigger to be audited or default trigger	The database of the trigger (except tempdb)	Any command that fires the trigger
exec_trigger (object-specific)	Example `sp_audit "exec_trigger", "all", "trig_fix_plan", "fail"` (Audits all failed executions of the trig_fix_plan trigger in the current database.)
func_dbaccess (database-specific)	all	Name of the database you are auditing	Any	Access to the database using the following functions: curunreserved_pgs, db_name, db_id, lct_admin, setdbrepstat, setrepstatus, setrepdefmode, is_repagent_enabled, rep_agent_config, rep_agent_admin
func_dbaccess (database-specific)	Example `sp_audit @option="func_dbaccess", @login_name="all", @object_name = "strategy", @setting = "on"` (Audits accesses to the strategy database via built-in functions.)
func_obj_access (object-specific)	all	Name of any object that has an entry in sysobjects	Any	Access to an object using the following functions: schema_inc, col_length, col_name, data_pgs, index_col, object_id, object_name, reserved_pgs, rowcnt, used_pgs, has_subquery
func_obj_access (object-specific)	Example `sp_audit @option="func_obj_access", @login_name="all", @object_name = "customer", @setting = "on"` (Audits accesses to the customer table via built-in functions.)
grant (database-specific)	all	Name of the database to be audited	Any	grant
grant (database-specific)	Example `sp_audit @option="grant", @login_name="all", @object_name = "planning", @setting = "on"` (Audits all grants in the planning database.)
insert (object-specific)	all	Name of the view or table to which you are inserting rows, or default view or default table	The database of the object (except tempdb)	insert into a table, insert into a view
insert (object-specific)	Example `sp_audit "insert", "all", "dpt_101_view", "on"` (Audits all inserts into the dpt_101_view view in the current database.)
install	all	Database to be audited	Any	install java
install	Example `sp_audit "install", "all", "planning", "on"` (Audits the installation of java classes in database planning)
load (database-specific)	all	Database to be audited	Any	load database, load transaction
load (database-specific)	Example `sp_audit "load", "all", "projects_db", "fail"` (Audits all failed executions of database and transaction loads in the projects_db database.)
login (global)	all	all	Any	Any login to Adaptive Server
login (global)	Example `sp_audit "login", "all", "all", "fail"` (Audits all failed attempts to log in to the server.)
logout	all	all	Any	Any logout from Adaptive Server
logout	Example `sp_audit "logout", "all", "all", "off"` (Turns auditing off of logouts from the server.)
mount (global)	all	all	Any	mount database
mount (global)	Example `sp_audit "mount", "all", "all", "on"` (Audits all mount database commands issued.)
quiesce (global)	all	all	Any	quiesce database
quiesce (global)	Example `sp_audit "quiesce", "all", "all", "on"` (Turns auditing on for quiesce database commands.)
reference (object-specific)	all	Name of the view or table to which you are inserting rows, or default view or default table	Any	create table, alter table
reference (object-specific)	Example `sp_audit "reference", "all", "titles", "off"` (Turns off auditing of the creation of references to the titles table.)
remove (global)	all	all	Any	Audits the removal of Java classes
remove (global)	Example `sp_audit "remove", "all", "all", "on"` (Audits the removal of Java classes in all databases.)
revoke (database-specific)	all	Database to be audited	Any	revoke
revoke (database-specific)	Example `sp_audit "revoke", "all", "payments_db", "off"` (Turns off auditing of the execution of revoke in the payments_db database.)
rpc (global)	all	all	Any	Remote procedure calls (either in or out)
rpc (global)	Example `sp_audit "rpc", "all", "all", "on"` (Audits all remote procedure calls out of or into the server.)
security (global)	all	all	Any	Server-wide security-relevant events. See the “security” option in Table 11-6.
security (global)	Example `sp_audit "security", "all", "all", "on"` (Audits server-wide security-relevant events in the server.)
select (object-specific)	all	Name of the view or table to which you are inserting rows, or default view or default table	The database of the object (except tempdb)	select from a table, select from a view
select (object-specific)	Example `sp_audit "select", "all", "customer", "fail"` (Audits all failed selects from the customer table in the current database.)
setuser (database-specific)	all	all	Any	setuser
setuser (database-specific)	Example `sp_audit "setuser", "all", "projdb", "on"` (Audits all executions of setuser in the projdb database.)
table_access (user-specific)	Name of the login to be audited, or all if all users are to be audited.	all	Any	select, delete, update, or insert access in a table
table_access (user-specific)	Example `sp_audit "table_access", "smithson", "all", "on"` (Audits all table accesses by the login named “smithson”.)
truncate (database-specific)	all	Database to be audited	Any	truncate table
truncate (database-specific)	Example `sp_audit "truncate", "all", "customer", "on"` (Audits all table truncations in the customer database.)
unbind (database-specific)	all	Database to be audited	Any	sp_unbindefault, sp_unbindrule, sp_unbindmsg
unbind (database-specific)	Example `sp_audit "unbind", "all", "master", "fail"` (Audits all failed attempts of unbinding in the master database.)
unmount	all	all	Any	unmount database
unmount	Example `sp_audit "unmount", "all", "projects", "on"` (Audits all attempts by users to mount the projects table in the current database.)
update (object-specific)	all	Name specifying the object to be audited, default table or default view	The database of the object (except tempdb)	update to a table, update to a view
update (object-specific)	Example `sp_audit "update", "all", "projects", "on"` (Audits all attempts by users to update the projects table in the current database.)
view_access (user-specific)	Login name of the user to be audited, or all to audit all users	all	Any	select, delete, insert, or update to a view
view_access (user-specific)	Example `sp_audit "view_access", "joe", "all", "off"` (Turns off view auditing of user “joe”.)