---
title: "Audit Add DB User Event Class | Microsoft Docs"
ms.custom: ""
ms.date: "03/14/2017"
ms.prod: sql
ms.reviewer: ""
ms.technology: supportability
ms.topic: conceptual
helpviewer_keywords:
- "Audit Add DB User event class"
ms.assetid: ac9ed573-c84d-444c-81fb-923a6240c1ef
author: "stevestein"
ms.author: "sstein"
monikerRange: "=azuresqldb-current||>=sql-server-2016||=sqlallproducts-allversions||>=sql-server-linux-2017||=azuresqldb-mi-current"
---
# Audit Add DB User Event Class
[!INCLUDE[appliesto-ss-asdb-xxxx-xxx-md](../../includes/appliesto-ss-asdb-xxxx-xxx-md.md)]
The **Audit Add DB User** event class occurs whenever a login is added or removed as a database user to a database. This event class is used for the **sp_grantdbaccess**, **sp_revokedbaccess**, **sp_adduser**, and **sp_dropuser** stored procedures.
This event class may be removed in a future version of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. It is recommended that you use the **Audit Database Principal Management** event class instead.
## Audit Add DB User Event Class Data Columns
|Data column name|Data type|Description|Column ID|Filterable|
|----------------------|---------------|-----------------|---------------|----------------|
|**ApplicationName**|**nvarchar**|Name of the client application that created the connection to an instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)]. This column is populated with the values passed by the application rather than the displayed name of the program.|10|Yes|
|**ClientProcessID**|**int**|ID assigned by the host computer to the process where the client application is running. This data column is populated if the client process ID is provided by the client.|9|Yes|
|**ColumnPermissions**|**int**|Indicator of whether a column permission was set. Parse the statement text to determine which permissions were applied to which columns.|44|Yes|
|**DatabaseID**|**int**|ID of the database specified by the USE *database* statement or the default database if no USE *database* statement has been issued for a given instance. [!INCLUDE[ssSqlProfiler](../../includes/sssqlprofiler-md.md)] displays the name of the database if the **ServerName** data column is captured in the trace and the server is available. Determine the value for a database by using the DB_ID function.|3|Yes|
|**DatabaseName**|**nvarchar**|Name of the database where the username is being added or removed.|35|Yes|
|**DBUserName**|**nvarchar**|Issuer's username in the database.|40|Yes|
|**EventClass**|**int**|Type of event = 109.|27|No|
|**EventSequence**|**int**|Sequence of a given event within the request.|51|No|
|**EventSubClass**|**int**|Type of event subclass.
1=Add
2=Drop
3=Grant database access
4=Revoke database access|21|Yes|
|**HostName**|**nvarchar**|Name of the computer on which the client is running. This data column is populated if the host name is provided by the client. To determine the host name, use the HOST_NAME function.|8|Yes|
|**IsSystem**|**int**|Indicates whether the event occurred on a system process or a user process. 1 = system, 0 = user.|60|Yes|
|**LoginName**|**nvarchar**|Name of the login of the user (either the [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] security login or the [!INCLUDE[msCoName](../../includes/msconame-md.md)] Windows login credentials in the form of DOMAIN\username).|11|Yes|
|**LoginSid**|**image**|Security identification number (SID) of the logged-in user. You can find this information in the **sys.server_principals** catalog view. Each SID is unique for each login in the server.|41|Yes|
|**NTDomainName**|**nvarchar**|Windows domain to which the user belongs.|7|Yes|
|**NTUserName**|**nvarchar**|Windows user name.|6|Yes|
|**OwnerName**|**nvarchar**|Database user name of the object owner.|37|Yes|
|**RequestID**|**int**|ID of the request containing the statement.|49|Yes|
|**RoleName**|**nvarchar**|Name of the database role whose membership is being modified (if done with **sp_adduser**).|38|Yes|
|**ServerName**|**nvarchar**|Name of the instance of [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] being traced.|26||
|**SessionLoginName**|**Nvarchar**|Login name of the user who originated the session. For example, if you connect to [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] using Login1 and execute a statement as Login2, **SessionLoginName** shows Login1 and **LoginName** shows Login2. This column displays both [!INCLUDE[ssNoVersion](../../includes/ssnoversion-md.md)] and Windows logins.|64|Yes|
|**SPID**|**int**|ID of the session on which the event occurred.|12|Yes|
|**StartTime**|**datetime**|Time at which the event started, if available.|14|Yes|
|**Success**|**int**|1 = success. 0 = failure. For example, a value of 1 indicates success of a permissions check and a value of 0 indicates failure of that check.|23|Yes|
|**TargetLoginName**|**nvarchar**|Name of the login that is having its database access modified.|42|Yes|
|**TargetLoginSid**|**image**|For actions that target a login (for example, adding a new login), the security identification number (SID) of the targeted login.|43|Yes|
|**TargetUserName**|**nvarchar**|Name of the database user being added.|39|Yes|
|**TransactionID**|**bigint**|System-assigned ID of the transaction.|4|Yes|
|**XactSequence**|**bigint**|Token used to describe the current transaction.|50|Yes|
## See Also
[Extended Events](../../relational-databases/extended-events/extended-events.md)
[sp_trace_setevent (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-trace-setevent-transact-sql.md)
[sp_grantdbaccess (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-grantdbaccess-transact-sql.md)
[sp_revokedbaccess (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-revokedbaccess-transact-sql.md)
[sp_adduser (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-adduser-transact-sql.md)
[sp_dropuser (Transact-SQL)](../../relational-databases/system-stored-procedures/sp-dropuser-transact-sql.md)
[Audit Database Principal Management Event Class](../../relational-databases/event-classes/audit-database-principal-management-event-class.md)