Audit all insert, delete, update and select statements on a schema in Oracle 12.2
-
03-03-2021 - |
题
I cannot understand how to create a Unified Audit policy in order to audit all INSERT, UPDATE, DELETE and SELECT statements performed on all the objects within a specific schema.
The goal is to track the tables and views involved in a specific PL/SQL procedure for a reverse engineering task.
For what I understood from the documentation, the only option is to specify each table/view to track within the policy. Is there an "audit all objects within a schema" construct for the create audit policy statement?
解决方案
There is no "audit all objects" setting. In unified auditing, do the following:
-- create the policy
create audit policy my_policy actions all on hr.regions;
alter audit policy my_policy actions all on hr.locations;
...
-- enable the policy
audit policy my_policy;
if you have a schema with a lot of tables, you can use SQL to build your script with something like this:
select 'alter audit policy hr_policy actions all on '||owner||'.'||table_name||';'
from dba_tables
where owner in ('HR','OE');
其他提示
Creating a policy is not necessary
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY hr, oe;
will do the job
The following AUDIT statements are not limited only to 1 schema, but to all.
AUDIT ALL BY USER_NAME BY ACCESS;
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY USER_NAME BY ACCESS;
AUDIT EXECUTE,PROCEDURE BY USER_NAME BY ACCESS;
Keep in mind that your audit_trail has to be set to DB,EXTENDED
Check your current audit_trail setting with:
SHOW PARAMETER AUDIT;
If it's not set to DB,EXTENDED , you have to set it with:
alter system set audit_trail=db,extended scope=spfile;
In order the change of audit_trail take effect, you have to restart your DB instance.
You will find audit records in SYS.AUD$ afterwards.