![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 96%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
SQL Server Database Engine
Core component of SQL Server for storing, processing, and securing data
SQL Server Audit does not support filtering directly on the action_id column in the audit specification definition, but action_id can be used as a predicate if it is converted from its character form to a numeric value.
To exclude SELECT actions, configure the audit with a predicate on action_id that filters out the numeric value corresponding to SELECT. The key point from the documentation is:
To use action_id as a predicate it must be converted from a character string to a numeric value. For more information, see Filter SQL Server Audit on action_id / class_type predicate.
In practice, this means:
- Create or alter the server or database audit specification.
- Use a
WHEREpredicate on the audit (the audit predicate expression) that compares the convertedaction_idto the numeric value forSELECT, and exclude it.
Conceptually, the predicate looks like:
WHERE CONVERT(int, action_id) <> <numeric_value_for_SELECT>
This predicate is attached to the audit itself (the WHERE clause of the audit specification), not to the table columns. The audit records will still contain action_id along with other columns such as event_time, succeeded, permission_bitmask, etc., but events where action_id corresponds to SELECT will be excluded by the predicate.
The exact numeric value for SELECT is determined by converting the action_id string for SELECT to its numeric representation, as described in the referenced blog article.
References: