Oracle Tips by Burleson
Chapter 11 Oracle Fine Grained Auditing
Here a procedure named EMAILER, owned by
SECUSER, is defined as the handler module. When the audit condition
is satisfied on the table, the procedure EMAILER is automatically
called. Imagine this as a trigger on the select statement.
Ordinarily, triggers are based on transactional statements such
as insert, update and delete; but this is an example where the
concept of triggers can be extended to select statements, too.
The handler functions are useful in many cases.
In the above definition, we can place some logic inside the
procedure EMAILER to check other conditions, such as whether the
access comes from a specific IP address, and to generate emails
alerting someone to possible unauthorized access.
An important point to note here is that the
handler procedure may be defined in another schema, not necessarily
the same one as the table's. This ability is particularly
well suited to secured applications, since no user need be given
execute privilege on this procedure, and hence no user can call it
independently to cause serious damage.
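The following PL/SQL is an added example, not code from the book: it defines a handler EMAILER in schema SECUSER that checks the client IP address and sends an alert, then attaches it to an FGA policy on a table in a different schema. The table APPUSER.ACCOUNTS, the column BALANCE, the policy name, the subnet and the e-mail addresses are assumptions made for illustration.

```sql
-- Added example. SECUSER and EMAILER come from the text; APPUSER.ACCOUNTS,
-- BALANCE, ACCOUNTS_ACCESS, the 10.1.1.% subnet and the addresses are hypothetical.
-- SECUSER needs EXECUTE on UTL_MAIL, and SMTP_OUT_SERVER must be configured.
CREATE OR REPLACE PROCEDURE secuser.emailer (
    object_schema IN VARCHAR2,   -- schema of the audited table
    object_name   IN VARCHAR2,   -- audited table
    policy_name   IN VARCHAR2    -- FGA policy whose condition was satisfied
) AS
    l_ip   VARCHAR2(64)   := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
    l_user VARCHAR2(128)  := SYS_CONTEXT('USERENV', 'SESSION_USER');
    l_sql  VARCHAR2(4000) := SYS_CONTEXT('USERENV', 'CURRENT_SQL', 4000);
BEGIN
    -- Alert only when the session does not come from the expected subnet.
    -- IP_ADDRESS is NULL for local connections, which are reported as well.
    IF l_ip IS NULL OR l_ip NOT LIKE '10.1.1.%' THEN
        UTL_MAIL.SEND(
            sender     => 'fga-alerts@example.com',
            recipients => 'security-team@example.com',
            subject    => 'FGA policy ' || policy_name || ' fired',
            message    => 'User ' || l_user || ' from ' || NVL(l_ip, 'local session')
                          || ' accessed ' || object_schema || '.' || object_name
                          || CHR(10) || 'SQL: ' || l_sql);
    END IF;
END;
/

-- No GRANT EXECUTE ON secuser.emailer is issued to any user.
-- Run the following as a user holding EXECUTE on DBMS_FGA.
BEGIN
    DBMS_FGA.ADD_POLICY(
        object_schema   => 'APPUSER',
        object_name     => 'ACCOUNTS',
        policy_name     => 'ACCOUNTS_ACCESS',
        audit_condition => 'BALANCE >= 10000',
        audit_column    => 'BALANCE',
        handler_schema  => 'SECUSER',   -- handler owner differs from table owner
        handler_module  => 'EMAILER',
        enable          => TRUE);
END;
/

-- Check which handler is attached to the policy.
SELECT policy_name, pf_schema, pf_function, enabled
  FROM dba_audit_policies
 WHERE object_schema = 'APPUSER' AND object_name = 'ACCOUNTS';
```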
The ability of the handler procedure to execute
when an audit condition is satisfied can be used to build
user-defined audit functionality, as shown later in this chapter.
A table may have several
FGA policies defined on it. All the policies are independently
evaluated and handled. For all the policies in which the conditions
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security