 |
|
Oracle Tips by Burleson |
Chapter 8 General Oracle Auditing
The next entry corresponds to the selection from
claims. Without reproducing the entire picture, only the lines from
the event log are shown here.
Audit trail: ACTION : 'select * from
claim_schema.claims' DATABASE USER: 'sysdba1' PRIVILEGE : SYSDBA
CLIENT USER: ananda CLIENT TERMINAL: ANANDA1 STATUS: 0 .
Note how the exact action performed by the
user, i.e. “select * from claim_schema.claims” is recorded in
detail.
If the user SYSOPER1 connects as SYSOPER and
performs the same actions, the event log will record them also. In
UNIX, a file will be created in the OS Audit Log Directory that will
show the same information.
In the third case, we will see the effects of a
regular DBA user connecting normally, not as SYSDBA or SYSOPER.
connect regulardba1/regulardba1
select * from claim_schema.claims
/ If you check
the Event Log or the Audit File Destination Directory, there will be
no entries. Why so? The answer is simple – the sys auditing facility
is not for regular users; but for users who will bypass the normal
auditing. In the third case, if the auditing is set up, the actions
will be caught by the regular audit. Therefore
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
$39.95
and has an
immediate download of working security scripts:
|