SQL Server Auditing: A Learning Series Part Four
Today we continue our series on Auditing with some clarifications. An audit is essentially the combination of several elements. This concept took a day or two to wrap around my brain so I thought I would discuss our way through it.
- The Audit Object is collected on either the server or database level. This covers actions as well as groups of actions.
- The Audit Specification is an object that belongs to an audit. This is a one-to-one relationship between audit object and audit specification. Both items are created at the instance level. The audit specification can collect many server-level or database-level action groups which are raised through extended events. You can have many groups within a specification. In addition, the audit specification is either a database or server specification and it cannot be both.
- The Audit Action Group is a predefined group of actions within the database engine itself. (See the MSDN list of Action Groups and Actions)
- The Target is essentially where the audit results are sent to, which we have already discussed as a file, the Application Log or the Security Log.
I hope this clarifies some points before we move forward. Enjoy and stay tuned.