標籤:
Oracle9i Database 推出了一種稱為細粒度審計 (FGA) 的新特性。現在下面就利用FGA實現審計對錶的審計。其中,EDMS是資料庫的一個測試帳戶。
1. 建立測試表(使用者EDMS下)
Create Table T_AUDIT_DEMO
(
CID INT NOT NULL,
CNAME VARCHAR2(20) NULL,
ENAME VARCHAR2(20) NULL,
CONSTRAINT PK_T_AUDIT_DEMO PRIMARY KEY (CID)
);
2. 建立審計策略(使用者SYS下)
begin
dbms_fga.add_policy
(
object_schema=>‘EDMS‘,
object_name=>‘T_AUDIT_DEMO‘,
policy_name=>‘T_AUDIT_DEMO_AUDIT‘
);
end;
3. 測試審計效果(使用者EDMS下)
INSERT INTO T_AUDIT_DEMO VALUES(1,‘曾勳‘,‘ZENG XUN‘);
INSERT INTO T_AUDIT_DEMO VALUES(2,‘翁黎明‘,‘WENG LI MING‘);
INSERT INTO T_AUDIT_DEMO VALUES(3,‘劉帝勇‘,‘LIU DI YONG‘);
4. 使用Select查詢測試表(使用者EDMS下)
SQL> SELECT * FROM T_AUDIT_DEMO;
CID CNAME ENAME
----- -------------------- -------
1 曾勳 ZENG XUN
2 翁黎明 WENG LI MING
3 劉帝勇 LIU DI YONG
5. 再次查看審計效果(使用者SYS下)
SQL> select statement_type,SQL_TEXT from dba_fga_audit_trail;
STATEMENT_TYPE SQL_TEXT
-------------- -----------
SELECT SELECT * FROM T_AUDIT_DEMO
注意:之前的Insert語句並不在審計中。預設的只對Select進行審計。在Oracle 9i中它只捕獲 SELECT 語句。而在Oracle 10i中進行了擴充,支援對所有類型的DML進行審計。
6. 修改審計粒度(使用者SYS下)
--不能重名,刪除審計:
begin
dbms_fga.drop_policy
(
object_schema=>‘EDMS‘,
object_name=>‘T_AUDIT_DEMO‘,
policy_name=>‘T_AUDIT_DEMO_AUDIT‘
);
end;
--重新添加:
begin
dbms_fga.add_policy
(
object_schema=>‘EDMS‘,
object_name=>‘T_AUDIT_DEMO‘,
policy_name=>‘T_AUDIT_DEMO_AUDIT‘,
statement_types=>‘INSERT, UPDATE, DELETE, SELECT‘
);
end;
注意:不能實現對Truncat Table的審計。
7. 測試審計(使用者EDMS、SYS下)
INSERT INTO T_AUDIT_DEMO VALUES(4,‘黃智洪‘,‘HUANG ZHI HONG‘);
DELETE FROM T_AUDIT_DEMO WHERE CID < 4;
SQL> select statement_type,SQL_TEXT from dba_fga_audit_trail;
STATEMENT_TYPE SQL_TEXT
-------------- --------------------
SELECT SELECT * FROM T_AUDIT_DEMO
INSERT INSERT INTO T_AUDIT_DEMO VALUES(4,‘黃智洪‘,‘HUANG ZHI HONG‘)
DELETE DELETE FROM T_AUDIT_DEMO WHERE CID < 4
SELECT SELECT * FROM T_AUDIT_DEMO
至此,我們已經實現了對錶T_AUDIT_DEMO的審計。與FGA相關的表或者視圖:
select * from fga$
select * from fga_log$
select * from fgacol$
select * from dba_fga_audit_trail
select * from dba_common_audit_trail
select * from dba_audit_policies
select * from dba_fga_audit_trail
與FGA相關的包或者過程:
dbms_fga.add_policy
dbms_fga.drop_policy
oracle細粒度(fga)審核
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
