Oracle FGA fine-grained audit and oraclefga fine-grained Audit

Oracle FGA fine-grained audit and oraclefga fine-grained Audit

If you want to audit the table, it is a good choice to use FGA for a certain period of time, persons and DML statements.

SQL> select * from v $ version;
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0-64bit Production
PL/SQL Release 11.2.0.1.0-Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0-Production
NLSRTL Version 11.2.0.1.0-Production

SQL> drop table test purge;

SQL> create table test as select * from dba_objects;

SQL> exec DBMS_FGA.ADD_POLICY (object_schema => 'lcam _ test', object_name => 'test', policy_name => 'fga _ 1', enable => TRUE, statement_types => 'Update, delete', audit_trail => DBMS_FGA.DB + DBMS_FGA.EXTENDED, audit_column_opts => segments); -- statement_types can be set to select, insert, delete, UPDATE

SQL> col SQL _TEXT format a80
SQL> select SQL _TEXT, TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

SQL> update test set subobject_name = object_id where rownum = 1;
SQL> select SQL _TEXT, TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
Update test set subobject_name = object_id where rownum = 1 month-12-14

SQL> update test set subobject_name = object_id where rownum <100; -- you can see that the audit is performed according to SQL statements, not by row Change audit.
SQL> select SQL _TEXT, TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
Update test set subobject_name = object_id where rownum <100-14
Update test set subobject_name = object_id where rownum = 1 month-12-14

SQL> delete from sys. fga_log $;
SQL> commit;
SQL> select SQL _TEXT, TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

SQL>

There are also ways to invalidate, activate, and delete audits:

Exec DBMS_FGA.DISABLE_POLICY (object_schema => 'lcam _ test', object_name => 'test', policy_name => 'fga _ 1 ');
Exec DBMS_FGA.ENABLE_POLICY (object_schema => 'lcam _ test', object_name => 'test', policy_name => 'fga _ 1 ');
Exec DBMS_FGA.DROP_POLICY (object_schema => 'lcam _ test', object_name => 'test', policy_name => 'fga _ 1 ');

The official document is located:

Oracle Database PL/SQL Packages and Types Reference 11GRelease 2 (11.2) DBMS_FGA

Table 66-2 ADD_POLICY Procedure Parameters

Parameter	Description	Default Value
object_schema	The schema of the object to be audited.(If NULL, the current log-on user schema is assumed.)	NULL
object_name	The name of the object to be audited.	-
policy_name	The unique name of the policy.	-
audit_condition	A condition in a row that indicates a monitoring condition.NULLIs allowed and actsTRUE.	NULL
audit_column	The columns to be checked for access. These can include OLS hidden columns or object type columns. The default,NULL, Causes audit if any column is accessed or affected.	NULL
handler_schema	The schema that contains the event handler. The default,NULL, Causes the current schema to be used.	NULL
handler_module	The function name of the event handler; Parameters des the package name if necessary. this function is invoked only after the first row that matches the audit condition in the query is processed. if the procedure fails with an exception, the user SQL statement will fail as well.	NULL
enable	Enables the policy if TRUE, which is the default.	TRUE
statement_types	The SQL statement types to which this policy is applicable:INSERT,UPDATE,DELETE, OrSELECTOnly.	SELECT
audit_trail	Destination (DB or XML) of fine grained audit records. Also specifies whether to populateLSQLTEXTAndLSQLBINDInfga_log$.	DB+EXTENDED
audit_column_opts	Establishes whether a statement is audited when the query referencesany column specified in the audit_column parameter or only when allsuch columns are referenced.	ANY_COLUMNS