The system audit tables can be accessed only by a system security officer, who can read the tables by executing SQL commands. The only commands that are allowed on the system audit tables are select and truncate.
Table 10-3 describes the columns in all audit tables.
Column name |
Datatype |
Description |
|---|---|---|
event |
smallint |
Type of event being audited. See Table 10-5. |
eventmod |
smallint |
More information about the event being audited. Indicates whether or not the event in question passed permission checks. Possible values are:
|
spid |
smallint |
ID of the process that caused the audit record to be written. |
eventtime |
datetime |
Date and time that the audited event occurred. |
sequence |
smallint |
Sequence number of the record within a single event. Some events require more than one audit record. |
suid |
smallint |
Server login ID of the user who performed the audited event. |
dbid |
int null |
Database ID in which the audited event occurred, or in which the object, stored procedure, or trigger resides, depending on the type of event. |
objid |
int null |
ID of the accessed object, stored procedure, or trigger. |
xactid |
binary(6) null |
ID of the transaction containing the audited event. For a multi-database transaction, this is the transaction ID from the database where the transaction originated. |
loginname |
varchar(30) null |
Login name corresponding to the suid. |
dbname |
varchar(30) null |
Database name corresponding to the dbid. |
objname |
varchar(30) null |
Object name corresponding to the objid. |
objowner |
varchar(30) null |
Name of the owner of objid. |
extrainfo |
varchar(255) null |
Additional information about the audited event. This column contains a sequence of items separated by semicolons. For details, see “Reading the extrainfo column”. |
nodeid |
tinyint |
Server nodeid in a cluster where the event occurred. |
