SQL Server Audit Action Group: DATABASE_OBJECT_PERMISSION_CHANGE_GROUP

Available in		New to:
Database Audit Specification	Server Audit Specification	2012	2016
•	•

This group tracks attempts to grant, deny or revoke permissions on database objects including certificates, database master keys, database encryption keys, symmetric and asymmetric keys, assemblies and schemas.

This is an important audit action group because permission changes are critical to the security of the server and the information on it.

If you enable this group in a database audit specification, it will track permission changes to database objects within that database only. If you enable this group in a server audit specification, it will track permission changes to database objects in all databases within that SQL Server instance.

LOGbinder for SQL Server events generated under this Audit Action Group:

Event ID	Description
24193	Issued grant database object permissions command
24194	Issued grant database object permissions with grant command
24195	Issued deny database object permissions command
24196	Issued deny database object permissions with cascade command
24197	Issued revoke database object permissions command
24198	Issued revoke database object permissions with grant command
24199	Issued revoke database object permissions with cascade command
24200	Issued grant schema permissions command
24201	Issued grant schema permissions with grant command
24202	Issued deny schema permissions command
24203	Issued deny schema permissions with cascade command
24204	Issued revoke schema permissions command
24205	Issued revoke schema permissions with grant command
24206	Issued revoke schema permissions with cascade command
24207	Issued grant assembly permissions command
24208	Issued grant assembly permissions with grant command
24209	Issued deny assembly permissions command
24210	Issued deny assembly permissions with cascade command
24211	Issued revoke assembly permissions command
24212	Issued revoke assembly permissions with grant command
24213	Issued revoke assembly permissions with cascade command
24214	Issued grant database role permissions command
24215	Issued grant database role permissions with grant command
24216	Issued deny database role permissions command
24217	Issued deny database role permissions with cascade command
24218	Issued revoke database role permissions command
24219	Issued revoke database role permissions with grant command
24220	Issued revoke database role permissions with cascade command
24221	Issued grant application role permissions command
24222	Issued grant application role permissions with grant command
24223	Issued deny application role permissions command
24224	Issued deny application role permissions with cascade command
24225	Issued revoke application role permissions command
24226	Issued revoke application role permissions with grant command
24227	Issued revoke application role permissions with cascade command
24228	Issued grant symmetric key permissions command
24229	Issued grant symmetric key permissions with grant command
24230	Issued deny symmetric key permissions command
24231	Issued deny symmetric key permissions with cascade command
24232	Issued revoke symmetric key permissions command
24233	Issued revoke symmetric key permissions with grant command
24234	Issued revoke symmetric key permissions with cascade command
24235	Issued grant certificate permissions command
24236	Issued grant certificate permissions with grant command
24237	Issued deny certificate permissions command
24238	Issued deny certificate permissions with cascade command
24239	Issued revoke certificate permissions command
24240	Issued revoke certificate permissions with grant command
24241	Issued revoke certificate permissions with cascade command
24242	Issued grant asymmetric key permissions command
24243	Issued grant asymmetric key permissions with grant command
24244	Issued deny asymmetric key permissions command
24245	Issued deny asymmetric key permissions with cascade command
24246	Issued revoke asymmetric key permissions command
24247	Issued revoke asymmetric key permissions with grant command
24248	Issued revoke asymmetric key permissions with cascade command

Upcoming Webinars

Additional Resources

Audit Policy

•	Server Audit Specification
•	Database Audit Specification
•	Audit Action Groups
•	Audit Actions
•	Audit Policy Wizard

User name:
Password:
	/ Forgot?
	Register

December 2024 Patch Tuesday	"Patch Tuesday - 2 Zero Days...See You in 2025! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.