For multi-tenant databases, certain new and existing audit policy events add a tenant or group name prefix to the information in the _Event-context field of the _aud-audit-data table.

For these multi-tenant events, where no database record operation is involved, the multi-tenant format of the _Event-context field is as follows:

{T:tenant-name|G:group-name}.owner.table-name

To identify database records for audited database operations, the multi-tenant format is as follows:

{T:tenant-name|G:group-name}.owner.table-name
CHR(6)id-fld-val[CHR(7)id-fld-val-n...]
T:tenant-name
Identifies the name of database tenant on which the audited operation occurred.
G:group-name
Identifies the name of tenant group on which the audited operation occurred.
owner
The owner of the database table on which the audited operation occurred. For ABL, this is always PUB. Otherwise, it is the table owner as defined by SQL.
table-name
The name of the database table on which the audited operation occurred.
CHR(6)
CHR(7)
Non-printing ASCII characters with the value of 6 to delimit an initial identifying field value, and the value of 7 to delimit each additional identifying field value (respectively).
id-fld-val
An initial field value that identifies the database record on which the audited operation occurred.
id-fld-val-n
One of zero to any number of additional field values required to identify the database record on which the audited operation occurred.

For details on the audit policy events that contain this new format, see Learn about Security and Auditing.