||Oracle Tips by Burleson
Chapter 8 General Oracle Auditing
The next entry corresponds to the selection from
claims. Without reproducing the entire picture, only the lines from
the event log are shown here.
Audit trail: ACTION : 'select * from
claim_schema.claims' DATABASE USER: 'sysdba1' PRIVILEGE : SYSDBA
CLIENT USER: ananda CLIENT TERMINAL: ANANDA1 STATUS: 0 .
Note how the exact action performed by the
user, i.e. “select * from claim_schema.claims” is recorded in
If the user SYSOPER1 connects as SYSOPER and
performs the same actions, the event log will record them also. In
UNIX, a file will be created in the OS Audit Log Directory that will
show the same information.
In the third case, we will see the effects of a
regular DBA user connecting normally, not as SYSDBA or SYSOPER.
connect regulardba1/regulardba1If you check
the Event Log or the Audit File Destination Directory, there will be
no entries. Why so? The answer is simple – the sys auditing facility
is not for regular users; but for users who will bypass the normal
auditing. In the third case, if the auditing is set up, the actions
will be caught by the regular audit. Therefore
select * from claim_schema.claims
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
and has an
immediate download of working security scripts: