Merge pull request #36675 from Madhumitatripathy/patch-17

Clarify SENSITIVE_BATCH_COMPLETED_GROUP behavior

Author: prmerger-automator[bot]

docs/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions.md

@@ -150,7 +150,7 @@ The following table describes the database-level audit action groups and provide
 | `SCHEMA_OBJECT_CHANGE_GROUP` | This event is raised when a `CREATE`, `ALTER`, or `DROP` operation is performed on a schema. Equivalent to the [Audit Schema Object Management Event Class](../../event-classes/audit-schema-object-management-event-class.md).<br /><br />This event is raised on schema objects. Equivalent to the [Audit Object Derived Permission Event Class](../../event-classes/audit-object-derived-permission-event-class.md). Also equivalent to the [Audit Statement Permission Event Class](../../event-classes/audit-statement-permission-event-class.md). |
 | `SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP` | This event is raised when the permissions to change the owner of schema object such as a table, procedure, or function is checked. This occurs when the `ALTER AUTHORIZATION` statement is used to assign an owner to an object. Equivalent to the [Audit Schema Object Take Ownership Event Class](../../event-classes/audit-schema-object-take-ownership-event-class.md). |
 | `SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP` | This event is raised whenever a grant, deny, or revoke is issued for a schema object. Equivalent to the [Audit Schema Object GDR Event Class](../../event-classes/audit-schema-object-gdr-event-class.md). |
-| `SENSITIVE_BATCH_COMPLETED_GROUP` | This event is raised whenever any batch text, stored procedure, or transaction management operation completes executing on sensitive data classified using [SQL Data Discovery & Classification](../sql-data-discovery-and-classification.md). The event is raised after the batch completes and audits the entire batch or stored procedure text, as sent from the client, including the result. <br /><br /> Available starting with [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)]|
+| `SENSITIVE_BATCH_COMPLETED_GROUP` | This event is raised whenever any batch text, stored procedure, or transaction management operation completes executing on sensitive data classified using [SQL Data Discovery & Classification](../sql-data-discovery-and-classification.md). The event is raised after the batch completes and audits the entire batch or stored procedure text, as sent from the client, including the result.<br /><br />When configured at the database scope, `SENSITIVE_BATCH_COMPLETED_GROUP` only captures batches that originate from and complete execution in the current database context. Cross-database queries (for example, queries that originate from another database and access sensitive data in the current database) aren't captured when you configure the audit group on the current database. To ensure auditing coverage for cross-database access to sensitive data, enable `SENSITIVE_BATCH_COMPLETED_GROUP` in a server audit specification.<br /><br />**Applies to:** [!INCLUDE [sssql22-md](../../../includes/sssql22-md.md)] and later versions. |
 | `SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP` | Indicates that a principal successfully logged in to a contained database. |
 | `USER_CHANGE_PASSWORD_GROUP` | This event is raised whenever the password of a contained database user is changed by using the ALTER USER statement. |
 | `USER_DEFINED_AUDIT_GROUP` | This group monitors events raised by using [sp_audit_write](../../system-stored-procedures/sp-audit-write-transact-sql.md). |