Security Audit Event Category (SQL Server Profiler)
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
The Security Audit event category contains security audit events.
In This Section
| Topic | Description |
|---|---|
| Audit Add DB User Event Class | Indicates that a login has been added or removed as a database user to a database. |
| Audit Add Login to Server Role Event Class | Indicates that a login was added or removed from a fixed server role. |
| Audit Add Member to DB Role Event Class | Indicates that a login has been added to or removed from a role. |
| Audit Add Role Event Class | Indicates that a database role was added to or removed from a database. |
| Audit Addlogin Event Class | Indicates that a login has been added or removed. |
| Audit App Role Change Password Event Class | Indicates that a password has been changed for an application role. |
| Audit Backup and Restore Event Class | Indicates that a backup or restore statement has been issued. |
| Audit Broker Conversation Event Class | Reports audit messages related to Service Broker dialog security. |
| Audit Broker Login Event Class | Reports audit messages related to Service Broker transport security. |
| Audit Change Audit Event Class | Indicates that an audit trace modification has been made. |
| Audit Change Database Owner Event Class | Indicates that the permissions to change the owner of a database have been checked. |
| Audit Database Management Event Class | Indicates that a database has been created, altered, or dropped. |
| Audit Database Mirroring Login Event Class | Reports audit messages related to database mirroring transport security. |
| Audit Database Object Access Event Class | Indicates that a database object, such as a schema, has been accessed. |
| Audit Database Object GDR Event Class | Indicates that a GDR event for a database object has occurred. |
| Audit Database Object Management Event Class | Indicates that a CREATE, ALTER, or DROP statement was executed on a database object. |
| Audit Database Object Take Ownership Event Class | Indicates that there has been a change of owner for objects in database scope. |
| Audit Database Operation Event Class | Indicates that various operations such as checkpoint or subscribe query notification have occurred. |
| Audit Database Principal Impersonation Event Class | Indicates that an impersonation has occurred within the database scope. |
| Audit Database Principal Management Event Class | Indicates that principals have been created, altered, or dropped from a database. |
| Audit Database Scope GDR Event Class | Indicates that a GRANT, REVOKE, or DENY has been issued for a statement permission by a user in Microsoft SQL Server. |
| Audit DBCC Event Class | Indicates that a DBCC command has been issued. |
| Audit Fulltext Event Class | Indicates that a full-text event has occurred. |
| Audit Login Change Password Event Class | Indicates that a user has changed their SQL Server login password. |
| Audit Login Change Property Event Class | Indicates that sp_defaultdb, sp_defaultlanguage, or ALTER LOGIN was used to modify a property of a login. |
| Audit Login Event Class | Indicates that a user has successfully logged into SQL Server. |
| Audit Login Failed Event Class | Indicates that a user attempted to log in to SQL Server and failed. |
| Audit Login GDR Event Class | Indicates that a Microsoft Windows login right was added or removed. |
| Audit Logout Event Class | Indicates that a user has logged out of SQL Server. |
| Audit Object Derived Permission Event Class | Indicates that a CREATE, ALTER, or DROP was issued for an object. |
| Audit Schema Object Access Event Class | Indicates that an object permission (such as SELECT) has been used. |
| Audit Schema Object GDR Event Class | Indicates that a GRANT, REVOKE, or DENY was issued for a schema object permission by a user in SQL Server. |
| Audit Schema Object Management Event Class | Indicates that a server object has been created, altered, or dropped. |
| Audit Schema Object Take Ownership Event Class | Indicates that the permissions to change the owner of schema object have been checked. |
| Audit Server Alter Trace Event Class | Indicates that the ALTER TRACE permission has been checked. |
| Audit Server Object GDR Event Class | Indicates that a GDR event for a schema object has occurred. |
| Audit Server Object Management Event Class | Indicates that a CREATE, ALTER, or DROP event has occurred for a server object. |
| Audit Server Object Take Ownership Event Class | Indicates that a server object owner has changed. |
| Audit Server Operation Event Class | Indicates that Audit operations have occurred in the server. |
| Audit Server Principal Impersonation Event Class | Indicates that an impersonation has occurred within the server scope. |
| Audit Server Principal Management Event Class | Indicates that a CREATE, ALTER, or DROP has occurred for a server principal. |
| Audit Server Scope GDR Event Class | Indicates that a GDR event has occurred for server permissions. |
| Audit Server Starts and Stops Event Class | Indicates that the SQL Server service state has been modified. |
| Audit Statement Permission Event Class | Indicates that a statement permission has been used. |