Oracle fine-grained audit and oracle fine-grained Audit
Take the scott user's emp table as an Example
---- Add a policy
Begin
DBMS_FGA.ADD_POLICY (
Object_schema => 'Scott ',
Object_name => 'emp ',
Policy_name => 'mydomainy1 ',
Handler_schema => NULL,
Handler_module => NULL,
Enable => TRUE,
Statement_types => 'insert, UPDATE, delete ',
Audit_column_opts => DBMS_FGA.ANY_COLUMNS );
End;
---- Enable policy
Begin
DBMS_FGA.ENABLE_POLICY (
Object_schema => 'Scott ',
Object_name => 'emp ',
Policy_name => 'mydomainy1 ',
Enable => TRUE );
End;
Select * from dba_fga_audit_trail;
Select * from dba_audit_policies;
Select db_user, timestamp, SQL _text, SQL _bind from dba_fga_audit_trail; -- Audit Result
SELECT text FROM dba_Views where view_name = upper ('dba _ FGA_AUDIT_TRAIL '); -- view records
---- Deletion policy
Begin
Dbms_fga.drop_policy (
Object_schema => 'Scott ',
Object_name => 'emp ',
Policy_name => 'mydomainy1'
);
End;
Differences between Oracle coarse-grained audit and fine-grained Audit
You can use fine-grained auditing to monitor specific database activities, such as actions on a database table or times that activities occur. for example, you can audit a table accessed after p. m.
It can be understood literally. The fine granularity is higher than the coarse granularity, and the audit dimension is deeper.
In oracle, how does one set and record user operations? (Such as adding, deleting, querying, modifying, and other operations of system users)
You can use the audit function of ORACLE. Audit includes the following types: (1) System Administrator audit (with sysdba permissions ): it records all administrator operations in an operating system directory in ascii format. you can set a parameter in system parameters. (2) Database Audit: This is the audit of some operations of the landlord at ordinary times. It can be recorded in a data dictionary table or in a file. You can configure it as needed, the setting method is to modify system parameters. (3) fine-grained audit: The audit granularity reaches the level of a field in the IP address, host, and table structure. the setting method calls an oracle package, which has different methods to set audit. the above is just a brief introduction. For specific operations, refer to Baidu's great gods. The setting is very simple. take database audit as an example: After the audit switch is enabled, you can directly create table in audit. Then, when creating a table, your operations will be recorded. hope to help you.