Set-AzureRmSqlDatabaseAuditingPolicy

Sets the auditing policy for a database.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Set-AzureRmSqlDatabaseAuditingPolicy
   [-AuditType <AuditType>]
   [-PassThru]
   [-AuditActionGroup <AuditActionGroups[]>]
   [-AuditAction <String[]>]
   [-EventType <String[]>]
   [-StorageAccountName <String>]
   [-StorageKeyType <String>]
   [-RetentionInDays <UInt32>]
   [-TableIdentifier <String>]
   [-ServerName] <String>
   [-DatabaseName] <String>
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzureRmSqlDatabaseAuditingPolicy cmdlet changes the auditing policy of an Azure SQL database. To use the cmdlet, use the ResourceGroupName, ServerName, and DatabaseName parameters to identify the database. Specify the StorageAccountName parameter to specify the storage account for the audit logs and the StorageKeyType parameter to define the storage keys. You can also define retention for the audit logs table by setting the value of the RetentionInDays and TableIdentifier parameters to define the period and the seed for the audit log table names. Specify the EventType parameter to define which event types to audit. After the cmdlet runs successfully, auditing of the database is enabled. For Table Auditing, if the database used the policy of its server for auditing before you ran this cmdlet, auditing stops using that policy. For Blob Auditing, if the database used the policy of its server for auditing before you ran this cmdlet, both auditing policies will exist side-by-side. If the cmdlet succeeds and you use the PassThru parameter, it returns an object describing the current auditing policy in addition to the database identifiers. Database identifiers include, but are not limited to, ResourceGroupName, ServerName, and DatabaseName. This cmdlet is also supported by the SQL Server Stretch Database service on Azure.

Examples

Example 1: Set the auditing policy of a database to use Table auditing

PS C:\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01" -AuditType Table -StorageAccountName "Storage31"

This command sets the auditing policy of database named Database01 located on Server01 to use the storage account named Storage31.

Example 2: Set the storage account key of an existing auditing policy of a database

PS C:\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01" -StorageAccountKey Secondary

This command sets the auditing policy of database named Database01 located on Server01 to keep using the same storage account name but to now use the secondary key.

Example 3: Set the auditing policy of a database to use a specific event type

PS C:\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01" -EventType Login_Failure

Example 4: Set the auditing policy of a database to use Blob auditing

PS C:\>Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -DatabaseName "Database01" -AuditType Blob -StorageAccountName "Storage31" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -AuditAction "UPDATE ON database::[Database01] BY [public]"  -RetentionInDays 8

This command sets the auditing policy of database named Database01 located on Server01. The policy logs the Login_Failure event type. The command does not change the storage settings.

Parameters

-AuditAction

Specify one or more audit actions. This parameter is only applicable to Blob auditing.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AuditActionGroup

Specify one or more audit action groups. This parameter is only applicable to Blob auditing.

Type:AuditActionGroups[]
Accepted values:BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, AUDIT_CHANGE_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-AuditType

Type:AuditType
Accepted values:NotSet, Table, Blob
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DatabaseName

Specifies the name of the database.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EventType

Specifies the event types to audit. This parameter is only applicable to Table auditing. You can specify several event types. You can specify All to audit all of the event types or None to specify that no events will be audited. If you specify All or None at the same time, the cmdlet does not run.

Type:String[]
Accepted values:PlainSQL_Success, PlainSQL_Failure, ParameterizedSQL_Success, ParameterizedSQL_Failure, StoredProcedure_Success, StoredProcedure_Failure, Login_Success, Login_Failure, TransactionManagement_Success, TransactionManagement_Failure, All, None
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the resource group to which the database is assigned.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RetentionInDays

Specifies the number of retention days for the audit logs table. A value of zero (0) means that the table is not retained. The default value is zero. If you specify a value greater than zero, you must specify a value for the TableIdentifer parameter.

Type:Nullable<T>[UInt32]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ServerName

Specifies the name of the server that hosts the database.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-StorageAccountName

Specifies the name of the storage account for auditing the database. Wildcard characters are not permitted. This parameter is not required. If you do not specify this parameter, the cmdlet uses the storage account that was defined previously as part of the auditing policy of the database. If this is the first time a database auditing policy is defined and you do not specify this parameter, the cmdlet fails.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-StorageKeyType

Specifies which of the storage access keys to use. The acceptable values for this parameter are:

  • Primary
  • Secondary The default value is Primary.
Type:String
Accepted values:Primary, Secondary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-TableIdentifier

Specifies the name of the audit logs table. Specify this value if you specify a value greater than zero for the RetentionInDays parameter.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

AuditType

AuditActionGroups[]

String[]

String

Nullable<T>[[System.UInt32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

Outputs

AuditingPolicyModel