While reviewing some audit logs genereated in SQL Server 2008 auditing I came across a a few action_id values that were not completely obvious to me. I began the great google search in hopes of finding a table that mapped out this information and was somewhat unsuccessful. What I did manage to put together was a a query to determine what they all meant.
Select DISTINCT action_id,name,class_desc,parent_class_desc from sys.dm_audit_actions
The above query will list all the action_id’s and what they actually mean in the world of SQL. In order to save time for everyone the trimmed down list is below.
action_id | name |
ACDO | DATABASE_OBJECT_ACCESS_GROUP |
ACO | SCHEMA_OBJECT_ACCESS_GROUP |
ADBO | BULK ADMIN |
ADDP | DATABASE_ROLE_MEMBER_CHANGE_GROUP |
ADSP | SERVER_ROLE_MEMBER_CHANGE_GROUP |
AL | ALTER |
ALCN | ALTER CONNECTION |
ALRS | ALTER RESOURCES |
ALSS | ALTER SERVER STATE |
ALST | ALTER SETTINGS |
ALTR | ALTER TRACE |
APRL | ADD MEMBER |
AS | ACCESS |
AUSC | AUDIT SESSION CHANGED |
AUSF | AUDIT SHUTDOWN ON FAILURE |
AUTH | AUTHENTICATE |
BA | BACKUP |
BAL | BACKUP LOG |
BRDB | BACKUP_RESTORE_GROUP |
C2OF | TRACE AUDIT C2OFF |
C2ON | TRACE AUDIT C2ON |
CCLG | CHANGE LOGIN CREDENTIAL |
CMLG | CREDENTIAL MAP TO LOGIN |
CNAU | AUDIT_CHANGE_GROUP |
CO | CONNECT |
CP | CHECKPOINT |
CR | CREATE |
D | DENY |
DBCC | DBCC |
DBCG | DBCC_GROUP |
DL | DELETE |
DPRL | DROP MEMBER |
DR | DROP |
DWC | DENY WITH CASCADE |
EX | EXECUTE |
FT | FULLTEXT |
FTG | FULLTEXT_GROUP |
G | GRANT |
GRDB | DATABASE_PERMISSION_CHANGE_GROUP |
GRDO | DATABASE_OBJECT_PERMISSION_CHANGE_GROUP |
GRO | SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP |
GRSO | SERVER_OBJECT_PERMISSION_CHANGE_GROUP |
GRSV | SERVER_PERMISSION_CHANGE_GROUP |
GWG | GRANT WITH GRANT |
IMDP | DATABASE_PRINCIPAL_IMPERSONATION_GROUP |
IMP | IMPERSONATE |
IMSP | SERVER_PRINCIPAL_IMPERSONATION_GROUP |
IN | INSERT |
LGB | BROKER LOGIN |
LGBG | BROKER_LOGIN_GROUP |
LGDA | DISABLE |
LGDB | CHANGE DEFAULT DATABASE |
LGEA | ENABLE |
LGFL | FAILED_LOGIN_GROUP |
LGIF | LOGIN FAILED |
LGIS | LOGIN SUCCEEDED |
LGLG | CHANGE DEFAULT LANGUAGE |
LGM | DATABASE MIRRORING LOGIN |
LGMG | DATABASE_MIRRORING_LOGIN_GROUP |
LGNM | NAME CHANGE |
LGO | LOGOUT |
LGSD | SUCCESSFUL_LOGIN_GROUP |
LO | LOGOUT_GROUP |
MNDB | DATABASE_CHANGE_GROUP |
MNDO | DATABASE_OBJECT_CHANGE_GROUP |
MNDP | DATABASE_PRINCIPAL_CHANGE_GROUP |
MNO | SCHEMA_OBJECT_CHANGE_GROUP |
MNSO | SERVER_OBJECT_CHANGE_GROUP |
MNSP | SERVER_PRINCIPAL_CHANGE_GROUP |
NMLG | NO CREDENTIAL MAP TO LOGIN |
OP | OPEN |
OPDB | DATABASE_OPERATION_GROUP |
OPSV | SERVER_OPERATION_GROUP |
PWAR | APPLICATION_ROLE_CHANGE_PASSWORD_GROUP |
PWC | CHANGE PASSWORD |
PWCG | LOGIN_CHANGE_PASSWORD_GROUP |
PWCS | CHANGE OWN PASSWORD |
PWEX | PASSWORD EXPIRATION |
PWMC | MUST CHANGE PASSWORD |
PWPL | PASSWORD POLICY |
PWR | RESET PASSWORD |
PWRS | RESET OWN PASSWORD |
PWU | UNLOCK ACCOUNT |
R | REVOKE |
RC | RECEIVE |
RF | REFERENCES |
RS | RESTORE |
RWC | REVOKE WITH CASCADE |
RWG | REVOKE WITH GRANT |
SL | SELECT |
SN | SEND |
SPLN | SHOW PLAN |
STSV | SERVER_STATE_CHANGE_GROUP |
SUQN | SUBSCRIBE QUERY NOTIFICATION |
SVCN | SERVER CONTINUE |
SVPD | SERVER PAUSED |
SVSD | SERVER SHUTDOWN |
SVSR | SERVER STARTED |
TASA | TRACE AUDIT START |
TASP | TRACE AUDIT STOP |
TO | TAKE OWNERSHIP |
TODB | DATABASE_OWNERSHIP_CHANGE_GROUP |
TODO | DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP |
TOO | SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP |
TOSO | SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP |
TRCG | TRACE_CHANGE_GROUP |
TRO | TRANSFER |
UP | UPDATE |
USAF | CHANGE USERS LOGIN AUTO |
USLG | CHANGE USERS LOGIN |
VDST | VIEW DATABASE STATE |
VSST | VIEW SERVER STATE |
VWCT | VIEW CHANGETRACKING |
XA | EXTERNAL ACCESS ASSEMBLY |
XU | UNSAFE ASSEMBLY |
I really appreciate you sharing this info!
[…] https://cprovolt.wordpress.com/2013/08/02/sql-server-audit-action_id-list/ […]
[…] came across this blog post by Chris Provolt listing the text versions of the action_id’s. That was helpful, especially […]
thats very informative post ,keep Sharing your views
its very useful sql server audit list ,
Great information – thanks a lot, Chris!