SQL Server Audit Action Group: SERVER_OBJECT_PERMISSION_CHANGE_GROUP

Available in New to:
Database
Audit
Specification
Server
Audit
Specification
2012 2016
   

This group tracks changes of permissions on "server objects". We are unsure of what constitutes a "server object", but apparently this includes server master keys, server credentials and cryptographic providers.

This would seem to be an important audit action group because ownership changes are significant to the security of the system.

LOGbinder for SQL Server events generated under this Audit Action Group:

Event ID Description
24172 Issued grant server object permissions command
24173 Issued grant server object permissions with grant command
24174 Issued deny server object permissions command
24175 Issued deny server object permissions with cascade command
24176 Issued revoke server object permissions command
24177 Issued revoke server object permissions with grant command
24178 Issued revoke server object permissions with cascade command
24291 Issued grant user-defined server role permissions command
24292 Issued grant user-defined server role permissions with grant command
24293 Issued deny user-defined server role permissions command
24294 Issued deny user-defined server role permissions with cascade command
24295 Issued revoke user-defined server role permissions command
24296 Issued revoke user-defined server role permissions with grant command
24297 Issued revoke user-defined server role permissions with cascade command

 

Upcoming Webinars
    Additional Resources