Is there a way with SQL Server 2008 to audit only actions taken by system administrators, but audit all their actions?
asked
Audit system administrators only
Short answer is no. I was wondering this same thing and from my research I've concluded that you can't audit actions taken only be system administrators. If anyone understands differently, please correct me.
Your audit specifications are setup based on the actions you want to audit, not the group or login that you want to audit.
You can create server audit specifications that audit action groups at the server level and audit specifications that audit action groups at the database level. http://technet.microsoft.com/en-us/library/cc280663.aspx
In a database audit specification, you can audit SELECT, UPDATE, INSERT, DELETE, EXECUTE, RECEIVE and REFERENCES for an object class (database, object, schema) by a principal (user, database role, application role). So in those instances, you can get more specific down to the principal.
By choosing the action groups to audit, you can essentially audit everything that system administrators would have access to.
