title: "Security Audit Event Category (SQL Server Profiler) | Microsoft Docs" ms.custom: "" ms.date: "03/14/2017" ms.prod: "sql" ms.prod_service: "database-engine, sql-database" ms.service: "" ms.component: "event-classes" ms.reviewer: "" ms.suite: "sql" ms.technology:
- "database-engine" ms.tgt_pltfrm: "" ms.topic: "article" helpviewer_keywords:
- "Security Audit event category [SQL Server]"
- "event classes [SQL Server], Security Audit event category"
- "SQL Server event classes, Security Audit event category" ms.assetid: e64f7695-2f23-4adb-b83d-52f147cc1a2f caps.latest.revision: 36 author: "stevestein" ms.author: "sstein" manager: "craigg" ms.workload: "Inactive" monikerRange: "= azuresqldb-current || >= sql-server-2016 || = sqlallproducts-allversions"
[!INCLUDEappliesto-ss-asdb-xxxx-xxx-md] The Security Audit event category contains security audit events.
| Topic | Description |
|---|---|
| Audit Add DB User Event Class | Indicates that a login has been added or removed as a database user to a database. |
| Audit Add Login to Server Role Event Class | Indicates that a login was added or removed from a fixed server role. |
| Audit Add Member to DB Role Event Class | Indicates that a login has been added to or removed from a role. |
| Audit Add Role Event Class | Indicates that a database role was added to or removed from a database. |
| Audit Addlogin Event Class | Indicates that a login has been added or removed. |
| Audit App Role Change Password Event Class | Indicates that a password has been changed for an application role. |
| Audit Backup and Restore Event Class | Indicates that a backup or restore statement has been issued. |
| Audit Broker Conversation Event Class | Reports audit messages related to Service Broker dialog security. |
| Audit Broker Login Event Class | Reports audit messages related to Service Broker transport security. |
| Audit Change Audit Event Class | Indicates that an audit trace modification has been made. |
| Audit Change Database Owner Event Class | Indicates that the permissions to change the owner of a database have been checked. |
| Audit Database Management Event Class | Indicates that a database has been created, altered, or dropped. |
| Audit Database Mirroring Login Event Class | Reports audit messages related to database mirroring transport security. |
| Audit Database Object Access Event Class | Indicates that a database object, such as a schema, has been accessed. |
| Audit Database Object GDR Event Class | Indicates that a GDR event for a database object has occurred. |
| Audit Database Object Management Event Class | Indicates that a CREATE, ALTER, or DROP statement was executed on a database object. |
| Audit Database Object Take Ownership Event Class | Indicates that there has been a change of owner for objects in database scope. |
| Audit Database Operation Event Class | Indicates that various operations such as checkpoint or subscribe query notification have occurred. |
| Audit Database Principal Impersonation Event Class | Indicates that an impersonation has occurred within the database scope. |
| Audit Database Principal Management Event Class | Indicates that principals have been created, altered, or dropped from a database. |
| Audit Database Scope GDR Event Class | Indicates that a GRANT, REVOKE, or DENY has been issued for a statement permission by a user in [!INCLUDEmsCoName] [!INCLUDEssNoVersion]. |
| Audit DBCC Event Class | Indicates that a DBCC command has been issued. |
| Audit Fulltext Event Class | Indicates that a full-text event has occured. |
| Audit Login Change Password Event Class | Indicates that a user has changed their [!INCLUDEssNoVersion] login password. |
| Audit Login Change Property Event Class | Indicates that sp_defaultdb, sp_defaultlanguage, or ALTER LOGIN was used to modify a property of a login. |
| Audit Login Event Class | Indicates that a user has successfully logged into [!INCLUDEssNoVersion]. |
| Audit Login Failed Event Class | Indicates that a user attempted to log in to [!INCLUDEssNoVersion] and failed. |
| Audit Login GDR Event Class | Indicates that a [!INCLUDEmsCoName] Windows login right was added or removed. |
| Audit Logout Event Class | Indicates that a user has logged out of [!INCLUDEssNoVersion]. |
| Audit Object Derived Permission Event Class | Indicates that a CREATE, ALTER, or DROP was issued for an object. |
| Audit Schema Object Access Event Class | Indicates that an object permission (such as SELECT) has been used. |
| Audit Schema Object GDR Event Class | Indicates that a GRANT, REVOKE, or DENY was issued for a schema object permission by a user in [!INCLUDEssNoVersion]. |
| Audit Schema Object Management Event Class | Indicates that a server object has been created, altered, or dropped. |
| Audit Schema Object Take Ownership Event Class | Indicates that the permissions to change the owner of schema object have been checked. |
| Audit Server Alter Trace Event Class | Indicates that the ALTER TRACE permission has been checked. |
| Audit Server Object GDR Event Class | Indicates that a GDR event for a schema object has occurred. |
| Audit Server Object Management Event Class | Indicates that a CREATE, ALTER, or DROP event has occurred for a server object. |
| Audit Server Object Take Ownership Event Class | Indicates that a server object owner has changed. |
| Audit Server Operation Event Class | Indicates that Audit operations have occurred in the server. |
| Audit Server Principal Impersonation Event Class | Indicates that an impersonation has occurred within the server scope. |
| Audit Server Principal Management Event Class | Indicates that a CREATE, ALTER, or DROP has occurred for a server principal. |
| Audit Server Scope GDR Event Class | Indicates that a GDR event has occurred for server permissions. |
| Audit Server Starts and Stops Event Class | Indicates that the [!INCLUDEssNoVersion] service state has been modified. |
| Audit Statement Permission Event Class | Indicates that a statement permission has been used. |