none
Audit users' DB operations

    Question

  • I am trying to audit all the database operations performed by certain users except few others. Basically I want to audit the sysadmin users. I tried with the code below:

    CREATE DATABASE AUDIT SPECIFICATION [FilterForSensitiveData]  
    FOR SERVER AUDIT [AuditDataAccess]   
    ADD (INSERT,UPDATE,DELETE ON schema::[dbo] BY [user_1],[user_2]),
    ADD (schema_object_change_group )
    WITH (STATE = ON); 

    In above code, I can only add the users present in the database level in by clause. sysadmin users are not present in database level. To audit sysadmin users, I must add public in by clause. But doing so, all the users will be audited which is not required. So how can I audit the sysadmin users and leave the other users?

    Tuesday, June 12, 2018 3:40 AM

Answers

All replies