Home arrow Oracle arrow Page 2 - Auditing to Secure Oracle Database XE

Privilege Auditing - Oracle

In this conclusion to a ten-part article series on securing Oracle Database XE, you will learn about statement auditing, privilege auditing, and more. This article is excerpted from chapter 31 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

TABLE OF CONTENTS:
  1. Auditing to Secure Oracle Database XE
  2. Privilege Auditing
  3. Protecting the Audit Trail
By: Apress Publishing
Rating: starstarstarstarstar / 2
February 10, 2011

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Auditing system privileges using the AUDIT command has the same basic syntax as statement auditing, except that system privileges are specified in the sql_statement_clause  instead of statements.

For example, you may wish to grant theALTER TABLESPACEprivilege to all your DBAs but you want to generate an audit record when this happens. The command to enable auditing on this privilege looks similar to statement auditing:

SQL> audit alter tablespace by access whenever successful;
Audit succeeded.

Every time theALTER TABLESPACEprivilege is successfully used, a row is added toSYS.AUD$.

Special auditing is available to enable you to track system administratorsí use of theSYSDBAandSYSOPERprivileges. To enable this extra level of auditing, set the initialization parameterAUDIT_SYS_OPERATIONStoTRUE. The audit records are sent to the same location as the operating system audit records; therefore, this location is operating-system-dependent. All SQL statements executed while using one of these privileges, as well as any SQL statements executed as the userSYS, are sent to this operating system audit location.

Schema Object Auditing

Auditing access to various schema objects using the AUDIT command looks similar to statement and privilege auditing:

AUDIT command looks similar to statement and privilege auditing:Auditing access to various schema objects using the AUDIT command looks similar to statement and privilege auditing:

AUDIT schema_object_clause BY {SESSION | ACCESS}
     WHENEVER [NOT] SUCCESSFUL;

Theschema_object_clause specifies a type of object access and the object being accessed. You can audit 13 different types of operations on specific objects; they are listed in Table 31-15.

Table 31-15. Object Auditing Options  

Object Option

Description

ALTER

Alters a table, sequence, or materialized view

AUDIT

Audits commands on any object

COMMENT

Adds comments to tables, views, or materialized views

DELETE

Deletes rows from a table, view, or materialized view

FLASHBACK

Performs flashback operation on a table or view

GRANT

Grants privileges on any type of object

INDEX

Creates an index on a table or materialized view

INSERT

Inserts rows into a table, view, or materialized view

LOCK

Locks a table, view, or materialized view

READ

Performs a read operation on the contents of a DIRECTORYobject

RENAME

Renames a table, view, or procedure

SELECT

Selects rows from a table, view, sequence, or materialized view

UPDATE

Updates a table, view, or materialized view

 

 

If you wish to audit allINSERTandUPDATEcommands on theHR.JOBStable, regardless of who is doing the update, every time the action occurs, you can use theAUDITcommand as follows:

SQL> audit insert, update on hr.jobs by access whenever successful;
Audit successful.



 
 
>>> More Oracle Articles          >>> More By Apress Publishing
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

ORACLE ARTICLES

- Oracle Java Security Woes Continue
- Oracle's New IaaS Cloud Option: There's a Ca...
- Oracle Acquires Eloqua to Boost Cloud Presen...
- Choosing Innovation: Oracle Survey Insights
- Oracle Fixes Privilege Escalation Bug
- Oracle`s Communications Service Availability...
- Oracle Releases Exalytics, Taleo Plans
- Oracle Releases Communications Network Integ...
- Oracle Releases Communications Data Model 11...
- Oracle Releases PeopleSoft PeopleTools 8.52
- Oracle Integrates Cloudera Apache Distro, My...
- Oracle Releases MySQL 5.5.18
- Oracle Announces NoSQL Database Availability
- Sorting Database Columns With the SELECT Sta...
- Retrieving Table Data with the LIKE Operator

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: