1. Audit policy is a set of audit options for auditing database users
2. Create an audit policy needs to be granted the Audit_admin role (create Audit policy ...)
3. Create an audit policy at the CDB, PDB level
4. The audit strategy will not take effect until it is allowed. Standard non-policy audits are not affected by enable/disable
5. Create an audit policy you must specify the audit options at the system level or at the object level
-System level:
Privilege Audit Options Audit all events;action Audit Options Audit Database operations that need to be audited, such as alter trigger;role audit option Audit is directly granted Mgr_role permissions
The privilege, action, and role options can be included in the same policy. System-level audit options to view the Sys.auditable_system_actions table
Sql> Create Audit Policy audit_mixed_po01 privileges drop any table roles emp_role; Sql> select * from Sys.auditable_system_actions; TYPE COMPONENT ACTION NAME-------------------------------------------------------------------- ----------------------------------------------4 Standard 1 CREATE TABLE 4 Standard 2 inserts 4 standard 3 SELECT 4 Stan Dard 4 CREATE CLUSTER 4 standard 5 ALTER CLUSTER 4 standard 6 UPDATE 4 standard 7 DELETE 4 Standard 8 DROP CLUSTER 4 Standard 9 CREATE INDEX 4 Standard DROP INDEX 4 standard one ALTER InchDEX 4 Standard DROP TABLE 4 standard CRE ATE SEQUENCE 4 Standard ALTER SEQUENCE 4 standard ALTER TABLE 4 Standard-DROP SEQUENCE 4 Standard CREATE synonym 4 standard DROP synonym 4 standard CREATE View 4 Standard DROP VIEW 4 standard VALIDATE INDEX 4 Standard CREATE PROCEDURE 4 Standard ALTER PROCEDURE 4 standard-LOCK TAB LE 4 Standard RENAME 4 COMMENT 4 Standard CREATE Database link 4 standard DROP DATABASE link 4 Standard-ALTER DATABASE 4 Standard creat E ROLLBACK SEGMENT 4 standard Notoginseng ALTER ROLLBACK SEGMENT 4 Standard The DROP ROLLBACK SEGMENT 4 Standard, CREATE tablespace 4 Standard-ALTER tablespace 4 standard, DROP TA Blespace 4 Standard-ALTER SESSION 4 Standard ALTER USER 4 Standard, COMMIT 4 standard ROLLBACK 4 Standard SavePoint 4 TRANSACTION SET 4 Standard, ALTER SYSTEM 4 Standard EXPLAIN 4 Standard-CREATE USER 4 Standard creat E ROLE 4 Standard the DROP USER 4 standard D ROP role 4 Standard SET ROLE 4 standard 56 CREATE SCHEMA 4 Standard, ALTER tracing 4 standard TRIGGER 4 Standard ALTER TRIGGER 4 standard TRIGGER DROP 4 Standard ANALYZE TABLE 4 standard ANALYZE INDEX 4 Standard ANALYZE CLUSTER 4 Standard 4 Standard, DROP profile 4 4 Standard PROCEDURE DROP 4 Sta Ndard ALTER RESOURCE cost 4 standard CREATE MATE Rialized View Log 4 standard ALTER materialized view Log 4 standard Materialized VIEW LOG 4 standard MATERIA CREATE Lized View 4 Standard, ALTER materialized view 4 standard DROP materialized VIEW 4 standard for CREATE TYPE 4 standard DROP TYPE 4 standard + ALTER ROLE 4 stand Ard ALTER Type 4 Standard Bayi CREATE TYPE BODY 4 Standard Standa ALTER Type Body 4 standard the DROP type Body 4 Rd. DROP LIBRARY 4 Standard TRUNCATE TABLE 4 Standard-TRUNCATE CLUSTER 4 standard, ALTER V Iew 4 Standard SET CONSTRAINTS 4 standard 9 1 CREATE FUNCTION 4 Standard, ALTER function 4 standard 94 DROP FUNCTION 4 Standard, CREATE package 4 The ALTER Package 4 standard, DROP package 4 Standar D The 98 ALTER package Body 4 standard for the $ CREATE Package Body 4 DROP Package BODY 4 Standard 157 CREATE DIRECTORY 4 Standard 158 DROP DIRECTORY 4 159 CREATE LIBRARY 4 Standard-CREATE JAVA 4 Standard 1 4 ALTER Java standard 162 DROP Java 4 standard 163 Create OPERATOR 4 Standard 164 create Indextype 4 standard 165 DROP Indextype 4 Standard 166 ALTER Indextype 4 Standard 167 DROP OPERATOR 4 standard 168 ASSOCIATE STATISTICS 4 Standard 169 Disassociate STATISTICS 4 standard, call METHOD 4 Standard 171 CREATE SUMMARY 4 Standard 172 ALTER SUMM ARY 4 Standard 173 DROP SUMMARY 4 Standard 174 C Reate DIMENSION 4 Standard 175 ALTER DIMENSION 4 Standard 176 DROP DIMENSION 4 Standard 177 CREATE CONTEXT 4 Standard 178 DROP CONTEXT 4 Standard 179 ALTER OUTLINE 4 Standar D-Delta CREATE OUTLINE 4 Standard 181 DROP OUTLINE 4 Standard 182 UPDATE INDEXES 4 standard 183 ALTER OPER Ator 4 Standard 184 Do not use 184 4 standard 185 does not use 185 4 Standard 186 Don't use 186 4 standard 187 CREATE SPF ILE 4 Standard 188 CREATE PFILE 4 Standard C Hange PASSWORD 4 Standard 191 UPDATE JOIN INDEX 4 Standard 192 alter SYNONYM 4 standard 193 alter DISK GROUP 4 standard 194 CREATE Disk Group 4 standard 195 DROP DISK Group 4 Standard 196 ALTER LIBRARY 4 standard 197 PURGE USER R Ecyclebin 4 Standard 198 PURGE DBA RecycleBin 4 Standard 199 PURGE TABLESPACE 4 Standard PURGE TABLE 4 standard 201 PURGE INDEX 4 Standard 202 Undrop OBJECT 4 standard 205 FLASHBACK TABLE 4 Standard 206 CREATE RESTORE point 4 Standard 207 DROP RESTORE point 4 Standard 212 CREATE EDITION 4 Standard 214 Drop EDITION 4 standard 215 Drop ASSEMBLY 4 Standard 216 CREATE ASSEMBLY 4 Standard 217 AL TER ASSEMBLY 4 Standard 218 CREATE FLASHBACK ARCHIVE 4 Standard 219 ALTER FLASHBACK ARCHIVE 4 standard DROP FLASHBACK ARCHIVE 4 Standard 222 CREATE schema synonym 4 standard 224 DROP SCHEMA synonym 4 Standard 225 ALTER DATABASE LINK 4 Standard 226 C Reate pluggable Database 4 standard 227 ALTER pluggable Database 4 standard 228 DROP pluggable DATABASE 4 standard 229 CREATE AUDIT P OLICY 4 Standard ALTER AUDIT POLICY 4 231 DROP AUDIT POLICY 4 standard 238 administer KEY MANAGEMENT 4 standard 239 CREATE materialized Zonemap 4 standard ALTER MAT Erialized Zonemap 4 Standard 241 DROP materialized Zonemap 4 standard 17 GRANT 4 Standard REVOKE 4 standard AUD IT 4 Standard-Noaudit 4 standard LOGON 4 Standard 101 LOGOFF 4 standard EXECUTE 4 Standard 189 MERGE 4 standard 242 all 8 La Bel Security 1 APPLY policy 8 Label Security 2 REMOVE Policy 8 Label Security 3 SET AUTHORIZATION 8 Label Security 4 PRI Vileged ACTION 8 Label Security 5 ENABLE POLICY 8 label Security 6 DISABLE POLICY 8 label Security 7 SUBSCRIBE OID 8 label Security 8 UNSUBSCRIBE OID 8 Label Security 9 CREATE DATA label 8 label Security ALTER data label 8 label Security DROP data label 8 label Securit Y CREATE policy 8 Label Security ALTER policy 8 Labe L Security DROP POLICY 8 label Security-CREATE Label Compone NTS 8 Label Security-ALTER label Components 8 label Security DROP Label Components 8 label Security + all 6 XS 1 CREATE User 6 xs 2 UPDATE USER 6 xs 3 DELETE USER 6 xs 4 CREATE ROLE 6 xs 5 UPDATE role 6 XS 6 DELETE role 6 XS 7 GRANT role 6 XS 8 REVOKE ROLE 6 xs 9 ADD Proxy 6 xs ten REMOVE PROXY 6 xs One set user PASSWORD 6 xs set user VERIFIER 6 xs CREATE Roleset 6 XS UPDATE Roleset 6 xs DELETE Roleset 6 xs CREA TE Security Class 6 xs UPDATE SECURITY Class 6 XS DELETE SECURITY CLASS 6 XS CREATE NAMESPACE TEMPLATE 6 XS UPDATE NAMESPACE TEMPLATE 6 XS DELETE NAMESPACE TEMPLATE 6 xs CREATE ACL 6 xs UPDATE ACL 6 xs DELETE ACL 6 XS CREATE Data Security 6 XS UPDATE data Security 6 XS DELETE Data SECURITY 6 XS ENABLE data Securi TY 6 xs DISABLE DATA SECURITY 6 xs ADD Global CALLBACK 6 XS to DELETE global CALLBACK 6 xs Enable GLOBAL CALLBACK 6 XS Enable ROLE 6 XS DISABLE ROLE 6 xs SET COOKIE 6 xs SET INACTIVE TIMEOUT 6 XS CREATE SESSION 6 xs DESTROY SESSION 6 xs SWITC H User 6 xs ASSIGN USER 6 XS 41 CREATE session NAMESPACE 6 XS DELETE SESSION NAMESPACE 6 xs CREATE NAMESPACE ATTRIBUTE 6 XS, GET Namesp ACE ATTRIBUTE 6 xs SET NAMESPACE ATTRIBUTE 6 xs NAMESPACE ATTRIBUTE 6 XS SET USER profile 6 XS All DataPump 1 EXPORT datapump 2 IMPORT datapump 3 all 7 Database Vault 1 Realm violation 7 database Vault 2 Realm SUCCESS 7 Database Vault 3 REALM ACCESS 7 database Vault 4 RULE SET FAILURE 7 Database V Ault 5 rule Set SUCCESS 7 Database Vault 6 rule set EVAL 7 Database Vault 7 FACTOR ERROR 7 Database Vault 8 FACTOR NULL 7 Database Vault 9 FACTOR VALIDATE ERROR 7 Database Vault FACTOR VALIDATE FALSE 7 database Vault one FACTOR TRUST level NULL 7 Database V Ault FACTOR TRUST level NEG 7 Database Vault FACTOR all Direct path API 1 LOAD One Direct path API 2 All
-Object level: is dynamic. The changes will take effect for both the current user and later users.
Sql> Create audit Policy audit_objpriv_po02 actions execute,grant on Hr.raise_salary_proc;
-condition and Evaluation:
Unified Auditing Policy