The values you can specify for the login_name and object_name parameters to sp_audit depend on the type of auditing option you specify:
Global options apply to commands that affect the entire server, such as booting the server, disk commands, and allowing ad hoc, user-defined audit records. Option settings for global events are stored in the sybsecurity..sysauditoptions system table.
Database-specific options apply to a database. Examples include altering a database, bulk copy (bcp in) of data into a database, granting or revoking access to objects in a database, and creating objects in a database. Option settings for database-specific events are stored in the master..sysdatabases system table.
Object-specific options apply to a specific object. Examples include selecting, inserting, updating, or deleting rows of a particular table or view and the execution of a particular trigger or procedure. Option settings for object-specific events are stored in the sysobjects system table in the relevant database.
User-specific options apply to a specific user or system role. Examples include accesses by a particular user to any table or view or all actions performed when a particular system role, such as sa_role, is active. Option settings for individual users are stored in master..syslogins. The settings for system roles are stored in master..sysauditoptions.
Table 18-2 shows:
Valid values for the option and the type of each option – global, database-specific, object-specific, or user-specific
Valid values for the login_name and object_name parameters for each option
The database to be in when you set the auditing option
The command or access that is audited when you set the option
An example for each option
The default value for all options is off.
Option (option type) |
login_name |
object_name |
Database to be in to set the option |
Command or access being audited |
---|---|---|---|---|
adhoc (user-specific) |
all |
all |
Any |
Allows users to use sp_addauditrecord |
Example: (Enables ad hoc user-defined auditing records.) |
||||
all (user-specific) |
A login name or role |
all |
Any |
All actions of a particular user or by users with a particular role active |
Example (Turns auditing on for all actions in which the sa_role is active.) |
||||
alter (database-specific) |
all |
Database to be audited |
Any |
alter database, alter table |
Example (Turns auditing on for all executions of alter database and alter table in the master database.) |
||||
bcp (database-specific) |
all |
Database to be audited |
Any |
bcp in |
Example (Returns the status of bcp auditing in the pubs2 database. If you do not specify a value for setting, Adaptive Server returns the status of auditing for the option you specify) |
||||
bind (database-specific) |
all |
Database to be audited |
Any |
sp_bindefault, sp_bindmsg, sp_bindrule |
Example (Turns bind auditing off for the planning database.) |
||||
cmdtext (user-specific) |
Login name of the user to be audited |
all |
Any |
SQL text entered by a user.(Does not reflect whether or not the text in question passed permission checks or not. eventmod always has a value of 1.) |
Example (Turns text auditing off for database owners.) |
||||
create (database-specific) |
all |
Database to be audited |
Any |
create database, create table, create procedure, create trigger, create rule, create default, sp_addmessage, create view, create index, create function |
Specify master for object_name to audit create database. You are also auditing the creation of other objects in master. Example (Turns on auditing of successful object creations in the planning database. The current status of auditing create database is not affected because you did not specify the master database.) |
||||
dbaccess (database-specific) |
all |
Database to be audited |
Any |
Any access to the database from another database |
Example (Audits all external accesses to the project database.) |
||||
dbcc (global) |
all |
all |
Any |
All dbcc commands that require permissions |
Example (Audits all executions of the dbcc command.) |
||||
delete (object-specific) |
all |
Name of the table or view to be audited, or default view or default table |
The database of the table or view (except tempdb) |
delete from a table, delete from a view |
Example (Audits all delete actions for all future tables in the current database.) |
||||
disk (global) |
all |
all |
Any |
disk init, disk refit, disk reinit, disk mirror, disk unmirror, disk remirror, disk resize |
Example (Audits all disk actions for the server.) |
||||
drop (database-specific) |
all |
Database to be audited |
Any |
drop database, drop table, drop procedure, drop index, drop trigger, drop rule, drop default, sp_dropmessage, drop view, drop function |
Example (Audits all drop commands in the financial database that fail permission checks.) |
||||
dump (database-specific) |
all |
Database to be audited |
Any |
dump database, dump transaction |
Example (Audits dump commands in the pubs2 database.) |
||||
encryption_key (database-specific) |
all |
Database to be audited |
Any |
alter encryption key create encryption key drop encryption key sp_encryption |
Example Audits all the above commands in the pubs2 database: sp_audit "encryption_key", "all", "pubs2", "on" |
||||
errors (global) |
all |
all |
Any |
Fatal error, non-fatal error |
Example (Audits errors throughout the server.) |
||||
errorlog |
all |
all |
Any |
sp_errorlog or the errorlog_admin function |
Example (Audits attempts to "change log" to move to a new Adaptive Server error log file.) |
||||
exec_procedure (object-specific) |
all |
Name of the procedure to be audited or default procedure |
The database of the procedure (except tempdb) |
execute |
Example (Turns automatic auditing off for new procedures in the current database.) |
||||
exec_trigger (object-specific) |
all |
Name of the trigger to be audited or default trigger |
The database of the trigger (except tempdb) |
Any command that fires the trigger |
Example (Audits all failed executions of the trig_fix_plan trigger in the current database.) |
||||
func_dbaccess (database-specific) |
all |
Name of the database you are auditing |
Any |
Access to the database using the following functions: curunreserved_pgs, db_name, db_id, lct_admin, setdbrepstat, setrepstatus, setrepdefmode, is_repagent_enabled, rep_agent_config, rep_agent_admin |
Example (Audits accesses to the strategy database via built-in functions.) |
||||
func_obj_access (object-specific) |
all |
Name of any object that has an entry in sysobjects |
Any |
Access to an object using the following functions: schema_inc, col_length, col_name, data_pgs, index_col, object_id, object_name, reserved_pgs, rowcnt, used_pgs, has_subquery |
Example (Audits accesses to the customer table via built-in functions.) |
||||
grant (database-specific) |
all |
Name of the database to be audited |
Any |
grant |
Example (Audits all grants in the planning database.) |
||||
insert (object-specific) |
all |
Name of the view or table to which you are inserting rows, or default view or default table |
The database of the object (except tempdb) |
insert into a table, insert into a view |
Example (Audits all inserts into the dpt_101_view view in the current database.) |
||||
install (database-specific) |
all |
Database to be audited |
Any |
install java |
Example (Audits the installation of java classes in database planning) |
||||
load (database-specific) |
all |
Database to be audited |
Any |
load database, load transaction |
Example (Audits all failed executions of database and transaction loads in the projects_db database.) |
||||
login (global) |
all |
all |
Any |
Any login to Adaptive Server |
Example (Audits all failed attempts to log in to the server.) |
||||
login_locked (global) |
all |
all |
Any |
|
Example (Login is locked because of exceeding the configured number of failed login attempts.) |
||||
logout |
all |
all |
Any |
Any logout from Adaptive Server |
Example (Turns auditing off of logouts from the server.) |
||||
mount (global) |
all |
all |
Any |
mount database |
Example (Audits all mount database commands issued.) |
||||
password |
all |
all |
Any |
Setting of global password and login policy options |
quiesce (global) |
all |
all |
Any |
quiesce database |
Example (Turns auditing on for quiesce database commands.) |
||||
reference (object-specific) |
all |
Name of the view or table to which you are inserting rows, or default view or default table |
Any |
create table, alter table |
Example (Turns off auditing of the creation of references to the titles table.) |
||||
remove (database-specific) |
all |
all |
Any |
Audits the removal of Java classes |
sp_audit "remove", "all", "planning", "on" (Audits the removal of Java classes in the planning database.) |
||||
revoke (database-specific) |
all |
Database to be audited |
Any |
revoke |
Example (Turns off auditing of the execution of revoke in the payments_db database.) |
||||
rpc (global) |
all |
all |
Any |
Remote procedure calls (either in or out) |
Example (Audits all remote procedure calls out of or into the server.) |
||||
security (global) |
all |
all |
Any |
Server-wide security-relevant events. See the “security” option in Table 18-5. |
Example (Audits server-wide security-relevant events in the server.) |
||||
select (object-specific) |
all |
Name of the view or table to which you are inserting rows, or default view or default table |
The database of the object (except tempdb) |
select from a table, select from a view |
Example (Audits all failed selects from the customer table in the current database.) |
||||
setuser (database-specific) |
all |
all |
Any |
setuser |
Example (Audits all executions of setuser in the projdb database.) |
||||
table_access (user-specific) |
Login name of the user to be audited. |
all |
Any |
select, delete, update, or insert access in a table |
Example (Audits all table accesses by the login named “smithson”.) |
||||
transfer_table (global) |
all |
all |
Any |
Server-wide option. Does not appear in sysauditoptions. |
Example (Audits server-wide transfer-relevant events in the server.) |
||||
truncate (database-specific) |
all |
Database to be audited |
Any |
truncate table |
Example (Audits all table truncations in the customer database.) |
||||
unbind (database-specific) |
all |
Database to be audited |
Any |
sp_unbindefault, sp_unbindrule, sp_unbindmsg |
Example (Audits all failed attempts of unbinding in the master database.) |
||||
unmount (global) |
all |
all |
Any |
unmount database |
Example (audits all attempts to unmount or create a manifest file with any database.) |
||||
update (object-specific) |
all |
Name specifying the object to be audited, default table or default view |
The database of the object (except tempdb) |
update to a table, update to a view |
Example (Audits all attempts by users to update the projects table in the current database.) |
||||
view_access (user-specific) |
Login name of the user to be audited |
all |
Any |
select, delete, insert, or update to a view |
Example (Turns off view auditing of user “joe”.) |