FIX: Running RESTORE VERIFYONLY logs a CREATE DATABASE event in a server audit specification that uses DATABASE_CHANGE_GROUP in SQL Server

Gilt für: SQL Server 2014SQL Server 2016SQL Server 2017 on Linux

Symptoms


Assume that you set up a Microsoft SQL Server audit to have a server audit specification that uses the DATABASE_CHANGE_GROUP event. When a user runs RESTORE VERIFYONLY on a database backup file, the CREATE DATABASE permission is logged to the Audit log.

Cause


The CREATE DATABASE permission is required to run RESTORE VERIFYONLY. When that permission is checked, a corresponding event is logged to the Audit log for the DATABASE_CHANGE_GROUP audit specification.

Workaround


To work around this issue, use a query such as the following to filter the Audit log records that are related to running RESTORE VERIFYONLY:

select * from fn_get_audit_file('C:\path\to\file.sqlaudit', default, default) where statement NOT LIKE '%RESTORE VERIFYONLY%'

More information


Status


Microsoft has confirmed that this is an issue in the Microsoft products that are listed in the "Applies to" section.

References


Learn about the terminology that Microsoft uses to describe software updates.