Unified Auditing Policy

1. Audit policy is a set of audit options for auditing database users

2. Create an audit policy needs to be granted the Audit_admin role (create Audit policy ...)

3. Create an audit policy at the CDB, PDB level

4. The audit strategy will not take effect until it is allowed. Standard non-policy audits are not affected by enable/disable

5. Create an audit policy you must specify the audit options at the system level or at the object level

-System level:

Privilege Audit Options Audit all events;action Audit Options Audit Database operations that need to be audited, such as alter trigger;role audit option Audit is directly granted Mgr_role permissions

The privilege, action, and role options can be included in the same policy. System-level audit options to view the Sys.auditable_system_actions table

Sql> Create Audit Policy audit_mixed_po01 privileges drop any table roles emp_role;      Sql> select * from Sys.auditable_system_actions; TYPE COMPONENT ACTION NAME-------------------------------------------------------------------- ----------------------------------------------4 Standard 1 CREATE TABLE 4 Standard 2 inserts 4 standard 3 SELECT 4 Stan         Dard 4 CREATE CLUSTER 4 standard 5 ALTER CLUSTER         4 standard 6 UPDATE 4 standard 7 DELETE          4 Standard 8 DROP CLUSTER 4 Standard 9 CREATE INDEX 4 Standard DROP INDEX 4 standard one ALTER InchDEX 4 Standard DROP TABLE 4 standard CRE                               ATE SEQUENCE 4 Standard ALTER SEQUENCE 4 standard                               ALTER TABLE 4 Standard-DROP SEQUENCE 4 Standard                               CREATE synonym 4 standard DROP synonym 4 standard                               CREATE View 4 Standard DROP VIEW 4 standard         VALIDATE INDEX 4 Standard CREATE PROCEDURE 4 Standard ALTER PROCEDURE 4 standard-LOCK TAB         LE 4 Standard RENAME 4 COMMENT      4 Standard                         CREATE Database link 4 standard DROP DATABASE link 4 Standard-ALTER DATABASE 4 Standard creat                               E ROLLBACK SEGMENT 4 standard Notoginseng ALTER ROLLBACK SEGMENT 4 Standard         The DROP ROLLBACK SEGMENT 4 Standard, CREATE tablespace 4 Standard-ALTER tablespace 4 standard, DROP TA                               Blespace 4 Standard-ALTER SESSION 4 Standard                               ALTER USER 4 Standard, COMMIT 4 standard                               ROLLBACK 4 Standard SavePoint 4   TRANSACTION SET      4 Standard, ALTER SYSTEM 4 Standard EXPLAIN 4 Standard-CREATE USER 4 Standard creat E ROLE 4 Standard the DROP USER 4 standard D ROP role 4 Standard SET ROLE 4 standard 56                               CREATE SCHEMA 4 Standard, ALTER tracing 4 standard                               TRIGGER 4 Standard ALTER TRIGGER 4 standard                               TRIGGER DROP 4 Standard ANALYZE TABLE 4 standard ANALYZE INDEX 4 Standard ANALYZE CLUSTER 4                Standard               4 Standard, DROP profile 4 4 Standard PROCEDURE DROP 4 Sta Ndard ALTER RESOURCE cost 4 standard CREATE MATE                               Rialized View Log 4 standard ALTER materialized view Log 4 standard Materialized VIEW LOG 4 standard MATERIA CREATE                               Lized View 4 Standard, ALTER materialized view 4 standard                                DROP materialized VIEW 4 standard for CREATE TYPE 4 standard DROP TYPE 4 standard + ALTER ROLE 4 stand                     Ard          ALTER Type 4 Standard Bayi CREATE TYPE BODY 4 Standard Standa ALTER Type Body 4 standard the DROP type Body 4         Rd. DROP LIBRARY 4 Standard TRUNCATE TABLE 4 Standard-TRUNCATE CLUSTER 4 standard, ALTER V Iew 4 Standard SET CONSTRAINTS 4 standard 9                               1 CREATE FUNCTION 4 Standard, ALTER function 4 standard                               94 DROP FUNCTION 4 Standard, CREATE package 4 The ALTER Package 4 standard, DROP package 4 Standar                       D        The 98 ALTER package Body 4 standard for the $ CREATE Package Body 4         DROP Package BODY 4 Standard 157 CREATE DIRECTORY  4 Standard 158 DROP DIRECTORY 4 159 CREATE LIBRARY 4 Standard-CREATE JAVA 4 Standard 1                              4 ALTER Java standard 162 DROP Java 4 standard                              163 Create OPERATOR 4 Standard 164 create Indextype 4 standard                               165 DROP Indextype 4 Standard 166 ALTER Indextype 4 Standard         167 DROP OPERATOR 4 standard 168 ASSOCIATE STATISTICS       4 Standard                       169 Disassociate STATISTICS 4 standard, call METHOD 4 Standard 171 CREATE SUMMARY 4 Standard 172 ALTER SUMM ARY 4 Standard 173 DROP SUMMARY 4 Standard 174 C                              Reate DIMENSION 4 Standard 175 ALTER DIMENSION 4 Standard                              176 DROP DIMENSION 4 Standard 177 CREATE CONTEXT 4 Standard 178 DROP CONTEXT 4 Standard 179 ALTER OUTLINE 4 Standar         D-Delta CREATE OUTLINE 4 Standard 181 DROP OUTLINE 4 Standard 182 UPDATE INDEXES 4 standard 183 ALTER OPER Ator 4 Standard                             184 Do not use 184 4 standard 185 does not use 185 4 Standard 186 Don't use 186 4 standard 187 CREATE SPF ILE 4 Standard 188 CREATE PFILE 4 Standard C                              Hange PASSWORD 4 Standard 191 UPDATE JOIN INDEX 4 Standard                              192 alter SYNONYM 4 standard 193 alter DISK GROUP 4 standard         194 CREATE Disk Group 4 standard 195 DROP DISK Group 4 Standard 196 ALTER LIBRARY 4 standard 197 PURGE USER R                              Ecyclebin 4 Standard 198 PURGE DBA RecycleBin 4 Standard 199 PURGE TABLESPACE 4 Standard PURGE TABLE 4 standard 201                              PURGE INDEX 4 Standard 202 Undrop OBJECT 4 standard                              205 FLASHBACK TABLE 4 Standard 206 CREATE RESTORE point 4 Standard  207 DROP RESTORE point 4 Standard 212 CREATE EDITION 4         Standard 214 Drop EDITION 4 standard 215 Drop ASSEMBLY 4 Standard 216 CREATE ASSEMBLY 4 Standard 217 AL                              TER ASSEMBLY 4 Standard 218 CREATE FLASHBACK ARCHIVE 4 Standard         219 ALTER FLASHBACK ARCHIVE 4 standard DROP FLASHBACK ARCHIVE         4 Standard                     222 CREATE schema synonym 4 standard 224 DROP SCHEMA synonym 4 Standard 225 ALTER DATABASE LINK 4 Standard 226 C                              Reate pluggable Database 4 standard 227 ALTER pluggable Database 4 standard 228 DROP pluggable DATABASE 4 standard 229 CREATE AUDIT P                              OLICY 4 Standard ALTER AUDIT POLICY 4                              231 DROP AUDIT POLICY 4 standard 238 administer KEY MANAGEMENT 4 standard 239 CREATE materialized Zonemap 4 standard ALTER MAT                               Erialized Zonemap 4 Standard 241 DROP materialized Zonemap 4 standard 17 GRANT 4 Standard REVOKE 4 standard AUD         IT 4 Standard-Noaudit 4 standard LOGON         4 Standard 101 LOGOFF 4 standard EXECUTE 4 Standard 189 MERGE 4 standard 242 all 8 La         Bel Security 1 APPLY policy 8 Label Security 2 REMOVE Policy 8 Label Security 3 SET AUTHORIZATION 8 Label Security 4 PRI                          Vileged ACTION 8 Label Security 5 ENABLE POLICY 8 label Security                          6 DISABLE POLICY 8 label Security 7 SUBSCRIBE OID 8 label Security 8 UNSUBSCRIBE OID 8 Label Security 9 CREATE DATA label 8 label Security ALTER data label 8 label Security DROP data label 8 label Securit Y CREATE policy 8 Label Security ALTER policy 8 Labe L Security DROP POLICY 8 label Security-CREATE Label Compone                         NTS 8 Label Security-ALTER label Components 8 label Security                                      DROP Label Components 8 label Security + all 6 XS                                      1 CREATE User 6 xs 2 UPDATE USER 6 xs                                   3 DELETE USER 6 xs 4 CREATE ROLE 6 xs   5 UPDATE role 6 XS 6 DELETE role 6 XS                                      7 GRANT role 6 XS 8 REVOKE ROLE 6 xs                                     9 ADD Proxy 6 xs ten REMOVE PROXY 6 xs                                     One set user PASSWORD 6 xs set user VERIFIER 6 xs         CREATE Roleset 6 XS UPDATE Roleset 6 xs DELETE Roleset 6 xs CREA                                     TE Security Class 6 xs UPDATE SECURITY Class 6 XS         DELETE SECURITY CLASS 6 XS CREATE NAMESPACE TEMPLATE            6 XS                         UPDATE NAMESPACE TEMPLATE 6 XS DELETE NAMESPACE                                     TEMPLATE 6 xs CREATE ACL 6 xs                                     UPDATE ACL 6 xs DELETE ACL 6 XS                                     CREATE Data Security 6 XS UPDATE data Security 6 XS DELETE Data SECURITY 6 XS ENABLE data Securi                                     TY 6 xs DISABLE DATA SECURITY 6 xs                                     ADD Global CALLBACK 6 XS to DELETE global CALLBACK 6 xs         Enable GLOBAL CALLBACK 6 XS Enable ROLE               6 XS                      DISABLE ROLE 6 xs SET COOKIE 6 xs         SET INACTIVE TIMEOUT 6 XS CREATE SESSION 6 xs DESTROY SESSION 6 xs SWITC  H User 6 xs ASSIGN USER 6 XS 41                                     CREATE session NAMESPACE 6 XS DELETE SESSION NAMESPACE 6 xs CREATE NAMESPACE ATTRIBUTE 6 XS, GET Namesp                                     ACE ATTRIBUTE 6 xs SET NAMESPACE ATTRIBUTE 6 xs         NAMESPACE ATTRIBUTE 6 XS SET USER profile                  6 XS                   All DataPump 1 EXPORT datapump                          2 IMPORT datapump 3 all 7 Database Vault                          1 Realm violation 7 database Vault 2 Realm SUCCESS 7 Database Vault 3 REALM ACCESS 7 database Vault 4 RULE SET FAILURE 7 Database V         Ault 5 rule Set SUCCESS 7 Database Vault 6 rule set EVAL         7 Database Vault 7 FACTOR ERROR 7 Database Vault 8 FACTOR NULL                         7 Database Vault 9 FACTOR VALIDATE ERROR 7 Database Vault FACTOR VALIDATE FALSE 7 database Vault one FACTOR TRUST level NULL 7 Database V                    Ault     FACTOR TRUST level NEG 7 Database Vault FACTOR all Direct path API 1 LOAD One Direct path API 2 All

-Object level: is dynamic. The changes will take effect for both the current user and later users.

Sql> Create audit Policy audit_objpriv_po02 actions execute,grant on Hr.raise_salary_proc;  

-condition and Evaluation:

Unified Auditing Policy