Database auditing

1. STANDARD AUDITING (FOCUS ON DBA)

Standard auditing is enabled by default after installation. Without further configuration it records only logins, startups and shutdowns of the database instance.

To also audit the operations performed by a DBA (connections AS SYSDBA or AS SYSOPER), set the parameter "audit_sys_operations" to TRUE. It is a static parameter, so the change is written to the spfile and takes effect only after the instance is restarted:

   SQL> ALTER SYSTEM SET audit_sys_operations=TRUE SCOPE=SPFILE;

The audit files are written to the directory named by the parameter "audit_file_dest".

2. STANDARD AUDITING (FOCUS ON COMMON USERS)

1st: A user who wants to audit objects in his own schema needs no extra authorization. A user who wants to audit other users' objects must be granted the system privilege "AUDIT ANY" (and "AUDIT SYSTEM" for statement and privilege auditing).

2nd: Parameter "AUDIT_TRAIL" selects where the records go: NONE (auditing off) | OS (records written to operating-system files) | DB (records stored in the database, in SYS.AUD$) | XML (records written to operating-system files in XML form) | DB,EXTENDED or XML,EXTENDED (records additionally include the values of bind variables). AUDIT_TRAIL is also a static parameter.
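As an added example (not part of the original post), the following SQL*Plus session shows how to inspect the instance's current audit settings and apply the two parameter changes described in sections 1 and 2. It assumes a SYSDBA connection and an instance started from an spfile; the "typical result" lines are illustrative, not output from any particular system.

```sql
-- Added example, not from the original post.
-- Assumes: connected AS SYSDBA, instance started from an spfile.

-- 1. Current values of the three parameters discussed above.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_sys_operations', 'audit_file_dest');

-- Typical result on an instance that was never hardened (illustrative):
--   audit_trail          NONE   (or DB, depending on how the database was created)
--   audit_sys_operations FALSE
--   audit_file_dest      <ORACLE_BASE>/admin/<SID>/adump

-- 2. Harden: record SYSDBA/SYSOPER activity, and keep standard audit records
--    in the database together with SQL text and bind values.
--    Both parameters are static, so SCOPE=SPFILE is mandatory and the new
--    values are only used after the instance is restarted.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;

-- 3. Verify what the spfile now holds before restarting.
SELECT name, value
  FROM v$spparameter
 WHERE name IN ('audit_trail', 'audit_sys_operations');

-- 4. Restart so the static parameters take effect.
SHUTDOWN IMMEDIATE
STARTUP

-- 5. Confirm the running instance picked them up.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_sys_operations');
```

Comparing v$spparameter with v$parameter before and after the restart is the quick way to tell a change that has been queued in the spfile from one that is actually in force; a reviewer who only looks at one of the two views can be misled either way.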

Experiments:

A) STATEMENT AUDITING

   -- as SYSDBA: audit every CREATE TABLE issued by SCOTT
   AUDIT CREATE TABLE BY SCOTT;
   -- confirm the statement audit option is in place
   SELECT USER_NAME, AUDIT_OPTION FROM DBA_STMT_AUDIT_OPTS WHERE USER_NAME='SCOTT';
   CONN SCOTT/TIGER;
   CREATE TABLE A AS SELECT * FROM EMP;
   CONN / AS SYSDBA;
   -- records appear in DBA_AUDIT_TRAIL only when AUDIT_TRAIL is DB or DB,EXTENDED
   SELECT USERNAME, ACTION_NAME, OBJ_NAME, TO_CHAR(TIMESTAMP,'YYYY-MM-DD HH24:MI:SS')
     FROM DBA_AUDIT_TRAIL WHERE USERNAME='SCOTT';

B) SYSTEM PRIVILEGE AUDITING (OMITTED)

C) OBJECT AUDITING

   CONN / AS SYSDBA;
   -- audit every SELECT against the table SCOTT.A, whoever issues it
   AUDIT SELECT ON SCOTT.A;
   GRANT SELECT ON SCOTT.A TO HR;
   CONN HR/HR;
   SELECT * FROM SCOTT.A WHERE SAL>2000;
   CONN / AS SYSDBA;
   -- HR's SELECT on SCOTT.A is now visible in the trail
   SELECT USERNAME, ACTION_NAME, OBJ_NAME, TO_CHAR(TIMESTAMP,'YYYY-MM-DD HH24:MI:SS')
     FROM DBA_AUDIT_TRAIL;

Note: DBA_AUDIT_TRAIL is a view over SYS.AUD$.
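The following is an added example, not from the original post, and it goes a little beyond it: it uses the same AUDIT statement with the BY ACCESS and WHENEVER NOT SUCCESSFUL options so that failed logons and denied access to SCOTT.EMP are recorded, and then queries DBA_AUDIT_TRAIL for those failures, which is usually what a reviewer wants to see first. It assumes AUDIT_TRAIL=DB (or DB,EXTENDED), the SCOTT demo schema and a SYSDBA connection; the threshold of five failures per host is an arbitrary choice.

```sql
-- Added example, not from the original post.
-- Assumes: AUDIT_TRAIL=DB or DB,EXTENDED, SCOTT.EMP exists, connected AS SYSDBA.

CONN / AS SYSDBA

-- Record every failed logon (wrong password, locked account, ...),
-- one audit row per attempt.
AUDIT CREATE SESSION BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Record every attempt to read or change SCOTT.EMP that was denied,
-- e.g. a user without the privilege probing the table.
AUDIT SELECT, INSERT, UPDATE, DELETE ON SCOTT.EMP BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Record every successful change to SCOTT.EMP as well.
AUDIT INSERT, UPDATE, DELETE ON SCOTT.EMP BY ACCESS;

-- Confirm the object-level options. Each column reads "success/failure";
-- A = by access, S = by session, - = not audited, so SEL shows "-/A" and
-- INS/UPD/DEL show "A/A".
SELECT owner, object_name, sel, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'SCOTT' AND object_name = 'EMP';

-- Review: all failures in the last 24 hours. RETURNCODE is the ORA- error
-- number (0 = success, 1017 = invalid username/password,
-- 942 = table or view does not exist, 1031 = insufficient privileges).
SELECT TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS at_time,
       username, os_username, userhost, action_name, obj_name, returncode
  FROM dba_audit_trail
 WHERE returncode <> 0
   AND timestamp > SYSDATE - 1
 ORDER BY timestamp DESC;

-- Failed logons grouped per source host and account: a burst from one host
-- is a cheap signal of password guessing (threshold chosen arbitrarily).
SELECT userhost, username, COUNT(*) AS failures
  FROM dba_audit_trail
 WHERE action_name = 'LOGON'
   AND returncode = 1017
   AND timestamp > SYSDATE - 1
 GROUP BY userhost, username
HAVING COUNT(*) > 5
 ORDER BY failures DESC;
```

Auditing only the unsuccessful attempts keeps SYS.AUD$ small on a busy table while still capturing the events that matter for detection; the successful DML is audited separately so that the two kinds of record can be queried with different retention.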

3. FINE-GRAINED AUDITING

Standard auditing does not show the details of the executed SQL statements. Oracle provides FGA (fine-grained auditing) to solve this problem: a policy can record the SQL text and fire only for particular columns or rows.

The results are stored in the table SYS.FGA_LOG$.

Experiments:

A) CREATE AN FGA POLICY:

   CONN / AS SYSDBA;
   -- SCOTT needs EXECUTE on DBMS_FGA before it can manage policies on its own tables
   GRANT EXECUTE ON DBMS_FGA TO SCOTT;
   CONN SCOTT/TIGER;
   -- minimal policy: audits SELECT on SCOTT.EMP (the default statement type)
   BEGIN
     DBMS_FGA.ADD_POLICY (
       OBJECT_SCHEMA => 'SCOTT',
       OBJECT_NAME   => 'EMP',
       POLICY_NAME   => 'SCOTT_EMP'
     );
   END;
   /


B) QUERY EXISTING POLICIES:

   SELECT * FROM DBA_AUDIT_POLICIES;

C) QUERY AUDITING RESULTS:

   SELECT TO_CHAR(TIMESTAMP,'YYYY-MM-DD HH24:MI:SS'), DB_USER, OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME, SQL_TEXT
     FROM DBA_FGA_AUDIT_TRAIL;

Note: DBA_FGA_AUDIT_TRAIL is a view over SYS.FGA_LOG$.

D) ADDITIONAL POLICY PARAMETERS: audit_column (audit only when the listed columns are referenced) | audit_condition (audit only rows for which the condition is true) | statement_types (any of SELECT, INSERT, UPDATE, DELETE; the default is SELECT)
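As an added example (not part of the original post), here is a policy that uses all three of the parameters above, followed by the checks a reviewer runs afterwards. It assumes the SCOTT.EMP demo table and that SCOTT already has EXECUTE on DBMS_FGA as granted in A); the policy name EMP_HIGH_SAL, the salary threshold and the two sample queries are illustrative.

```sql
-- Added example, not from the original post.
-- Assumes: SCOTT.EMP exists and SCOTT has EXECUTE on DBMS_FGA.

CONN SCOTT/TIGER

-- Audit only when the SAL column is referenced, only for rows in the
-- high-paid group, and for reads as well as changes (not just SELECT).
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'SCOTT',
    object_name     => 'EMP',
    policy_name     => 'EMP_HIGH_SAL',        -- illustrative name
    audit_column    => 'SAL',
    audit_condition => 'SAL > 3000',          -- illustrative threshold
    statement_types => 'SELECT,UPDATE,DELETE',
    enable          => TRUE
  );
END;
/

-- Not recorded: the statement never touches SAL.
SELECT ename FROM emp WHERE deptno = 10;

-- Recorded: SAL is referenced and at least one processed row satisfies
-- the policy condition.
SELECT ename, sal FROM emp WHERE sal > 2500;

CONN / AS SYSDBA

-- The policy as registered, including which statement types it covers.
SELECT object_schema, object_name, policy_name, policy_column, policy_text,
       enabled, sel, upd, del
  FROM dba_audit_policies
 WHERE policy_name = 'EMP_HIGH_SAL';

-- The trail: who ran what, with the full SQL text and any bind values.
SELECT TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS at_time,
       db_user, os_user, userhost, statement_type, sql_text, sql_bind
  FROM dba_fga_audit_trail
 WHERE policy_name = 'EMP_HIGH_SAL'
 ORDER BY timestamp DESC;
```

Narrowing the policy with audit_column and audit_condition is what keeps FGA usable: the trail then contains only accesses to the sensitive column for the sensitive rows, which is small enough to be reviewed by hand, instead of one row for every query that touches the table.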

E) DELETE POLICIES:

   BEGIN
     DBMS_FGA.DROP_POLICY(
       OBJECT_SCHEMA => 'SCOTT',
       OBJECT_NAME   => 'EMP',
       POLICY_NAME   => 'SCOTT_EMP'
     );
   END;
   /