| Field | Description |
|---|
| Occurred | When event was reported by SQL Server |
| Action | ID of the SQL Audit Action. See sys.dm_audit_actions on TechNet. |
| Succeeded | "True" or "False" |
| Permission bitmask | When applicable, shows the permissions that were granted, denied, or revoked |
| Is column permission | Flag indicating a column level permission |
| Session ID | ID of the session on which the event occurred |
| Server principal ID | ID of the login context that the action is performed in. |
| Database principal ID | Current user |
| Target server principal ID | Target login of the action |
| Target database principal ID | Database principal that the auditable action applies to. |
| Object ID | The primary ID of the entity on which the audit occurred. This includes: server objects, databases, database objects or schema objects |
| Class type | Type of auditable entity that the audit occurs on. See SQL Server Audit Records on TechNet. |
| Session server principal name | Server principal for the session |
| Server principal name | Current Login |
| Server principal SID | Current login SID |
| Occurred | When event was reported by SQL Server |
| Database principal name | Current user |
| Target server principal name | Target login of the action |
| Target server principal SID | Target login's SID of the action |
| Target database principal name | Database principal that the auditable action applies to. |
| Server instance name | Name of the server instance where the audit occurred. Uses the standard machine\instance format. |
| Database name | Database affected by the event |
| Schema name | Schema context in which the action occurred |
| Object name | Name of the entity on which the audit occurred. This includes: server objects, databases, database objects or schema objects |
| Statement | Transact-SQL statement |
| Additional information | Any additional information about the event, stored as XML. |