Checking SQL Server logins for auditing

An audit installation requires at least two Microsoft SQL Server databases: one for the management database and at least one for the first audit store database. To successfully connect to these databases, you must ensure that the appropriate users and computers have permission to read or to read and write for the databases that store audit-related information.

The simplest way to manage SQL Server logins for auditors and administrators is to do the following:

  • Ensure you have a SQL Server login account for the NT Authority\System built-in account.
  • Add the NT Authority\System account to the sysadmin fixed server role.
  • Use the Audit Manager console to add Active Directory users and groups to the Auditor roles and/or assign them administrative rights over the audit installation.

If you use Audit Manager to manage SQL Server logins, you can use Active Directory membership to automatically add and remove the permissions required for auditing activity. There is no requirement to use the SQL Server Management Studio to manage logins or permissions. Since it is recommended that you have a dedicated SQL Server instance for auditing, giving the NT Authority\System account a SQL Server login and system administrator role is an acceptable solution for most organizations.

Auditing permissions for SQL Server
SQL Server account Type of account Required permissions Notes
NT Authority\System machine account

SQL Server Roles: sysadmin role