Welcome Guest ( Log In | Register )


 
 
 
 
 
 

 
 
Oracle 

Performance Tuning Reference poster
 
Oracle training in Linux 

commands
 
Oracle training Weblogic Book
 
Easy Oracle Jumpstart
 
Oracle training & performance tuning books
 
Burleson Consulting Remote DB Administration
 
 
 
Reply to this topicStart new topic
> Unified Auditing of disabled Objects, Unified Auditing
hy.qube
post May 4 2017, 11:29 AM
Post #1


Advanced Member
***

Group: Members
Posts: 84
Joined: 17-May 14
From: London
Member No.: 49,627



Hi,

I am new to Unified Auditing but was wondering if there is a way to audit the disabling of an object. I have started quite simply

CREATE AUDIT POLICY TABLE_AUDIT
PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE, ALTER ANY TABLE;
AUDIT POLICY TABLE_AUDIT;

CREATE AUDIT POLICY INDEX_AUDIT
PRIVILEGES CREATE ANY INDEX, DROP ANY INDEX, ALTER ANY INDEX;
AUDIT POLICY INDEX_AUDIT;

I thought I would also capture disabling/drop of all objects as well using

CREATE AUDIT POLICY DROP_DISABLE_AUDIT
ACTION DISABLE TRIGGERS, ENABLE TRIGGERS, DROP PACKAGE, DROP VIEW, DROP FUNCTION;
AUDIT POLICY DROP_DISABLE_AUDIT;

Unfortunately I get:

SQL> CREATE AUDIT POLICY DROP_DISABLE_AUDIT
2 ACTION DISABLE TRIGGERS, ENABLE TRIGGERS, DROP PACKAGE, DROP VIEW, DROP FUNCTION;
CREATE AUDIT POLICY DROP_DISABLE_AUDIT
*
ERROR at line 1:
ORA-46373: Audit policy 'DROP_DISABLE_AUDIT' must have at least one audit
option.

Can anyone direct me to correct documentation around unified auditing?

Thanks

Hakan
Go to the top of the page
 
+Quote Post
hy.qube
post May 4 2017, 11:52 AM
Post #2


Advanced Member
***

Group: Members
Posts: 84
Joined: 17-May 14
From: London
Member No.: 49,627



Actually. If someone disables a table trigger using

alter table TEST disable triggers will be captured by

CREATE AUDIT POLICY TABLE_AUDIT
PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE, ALTER ANY TABLE;

I am not sure if it will capture

alter trigger TEST_TRIGGER disable;

Hakan
Go to the top of the page
 
+Quote Post
burleson
post May 6 2017, 09:40 AM
Post #3


Advanced Member
***

Group: Members
Posts: 13,409
Joined: 26-January 04
Member No.: 13



Hi Hakan,

I hope that you are doing well!

>> ORA-46373: Audit policy 'DROP_DISABLE_AUDIT' must have at least one audit

A DISABLE statement is DDL and you should be able to capture DDL in unified auditing:

http://www.dba-oracle.com/security/fga_enhancements.htm

ORA-46373: Audit policy 'string' must have at least one audit option.

Cause: An attempt was made to create, alter or enable the empty audit policy.

Action: Use at least one audit option in the audit policy.


***********************************************************************

>> I am not sure if it will capture alter trigger TEST_TRIGGER disable;

Test it and see!







--------------------
Hope this helps. . .

Donald K. Burleson
Oracle Press author
Author of Oracle Tuning: The Definitive Reference
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Lo-Fi Version Time is now: 22nd May 2017 - 06:15 PM