Oracle Tips by Burleson
Chapter 11 Oracle Fine Grained Auditing
The central mechanism for the FGA is
implemented in the package dbms_fga, where all the APIs are defined.
Typically, a user other than SYS is given the responsibility of
maintaining these policies. With the convention followed earlier, we
will go with the user SECUSER, who is entrusted with much of the
security features championed in this book. The following statement
grants the user SECUSER enough authority to create and maintain the
grant execute on dbms_fga to secuser;
The biggest problem with this package is that
the policies are not like regular objects with owners. While a user
with execute permission on this package can create policies, he or
she can drop policies created by another user, too. This makes it
extremely important to secure this package and limit the use to only
a few users who are called to define the policies, such as SECUSER,
a special user used in examples throughout this book.
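Because anyone who can execute the package can also drop another user's policies, it is worth reviewing periodically who holds that privilege. The queries below are an added example, not taken from the book; they assume a DBA account with access to the DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_AUDIT_POLICIES dictionary views and that DBMS_FGA is owned by SYS.

```sql
-- 1. Accounts and roles granted EXECUTE on DBMS_FGA directly.
--    A grantee of PUBLIC means every database user can add or drop policies.
SELECT grantee, grantor, grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_FGA'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 2. Accounts that inherit the privilege through a role, including
--    roles granted to other roles. VIA_ROLE is the role holding the grant.
SELECT DISTINCT rp.grantee,
       CONNECT_BY_ROOT rp.granted_role AS via_role
FROM   dba_role_privs rp
START  WITH rp.granted_role IN (
         SELECT grantee
         FROM   dba_tab_privs
         WHERE  owner      = 'SYS'
         AND    table_name = 'DBMS_FGA'
         AND    privilege  = 'EXECUTE')
CONNECT BY PRIOR rp.grantee = rp.granted_role
ORDER  BY via_role, rp.grantee;

-- 3. Policies currently defined. Any account returned by queries 1 and 2
--    can drop any of these, so compare this list against a saved baseline.
SELECT object_schema, object_name, policy_name, enabled
FROM   dba_audit_policies
ORDER  BY object_schema, object_name, policy_name;
```

Anything in the first two result sets other than the designated policy administrator (SECUSER in this book's convention) is a candidate for revoking the grant.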
Now, let’s explore the procedures in the
package in detail.
We saw earlier how to add a policy to a table
or view, but only three parameters of the procedure were used. There
are several other very important parameters, as described below.
requirements generally call for specific auditing, not a broad
record-everything policy. For instance, you may want to audit only
when someone selects claims for
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security