Home arrow Oracle arrow Page 2 - Auditing to Secure Oracle Database XE

Privilege Auditing - Oracle

In this conclusion to a ten-part article series on securing Oracle Database XE, you will learn about statement auditing, privilege auditing, and more. This article is excerpted from chapter 31 of the book Beginning PHP and Oracle: From Novice to Professional, written by W. Jason Gilmore and Bob Bryla (Apress; ISBN: 1590597702).

  1. Auditing to Secure Oracle Database XE
  2. Privilege Auditing
  3. Protecting the Audit Trail
By: Apress Publishing
Rating: starstarstarstarstar / 2
February 10, 2011

print this article



Auditing system privileges using the AUDIT command has the same basic syntax as statement auditing, except that system privileges are specified in the sql_statement_clause  instead of statements.

For example, you may wish to grant theALTER TABLESPACEprivilege to all your DBAs but you want to generate an audit record when this happens. The command to enable auditing on this privilege looks similar to statement auditing:

SQL> audit alter tablespace by access whenever successful;
Audit succeeded.

Every time theALTER TABLESPACEprivilege is successfully used, a row is added toSYS.AUD$.

Special auditing is available to enable you to track system administratorsí use of theSYSDBAandSYSOPERprivileges. To enable this extra level of auditing, set the initialization parameterAUDIT_SYS_OPERATIONStoTRUE. The audit records are sent to the same location as the operating system audit records; therefore, this location is operating-system-dependent. All SQL statements executed while using one of these privileges, as well as any SQL statements executed as the userSYS, are sent to this operating system audit location.

Schema Object Auditing

Auditing access to various schema objects using the AUDIT command looks similar to statement and privilege auditing:

AUDIT command looks similar to statement and privilege auditing:Auditing access to various schema objects using the AUDIT command looks similar to statement and privilege auditing:

AUDIT schema_object_clause BY {SESSION | ACCESS}

Theschema_object_clause specifies a type of object access and the object being accessed. You can audit 13 different types of operations on specific objects; they are listed in Table 31-15.

Table 31-15. Object Auditing Options  

Object Option



Alters a table, sequence, or materialized view


Audits commands on any object


Adds comments to tables, views, or materialized views


Deletes rows from a table, view, or materialized view


Performs flashback operation on a table or view


Grants privileges on any type of object


Creates an index on a table or materialized view


Inserts rows into a table, view, or materialized view


Locks a table, view, or materialized view


Performs a read operation on the contents of a DIRECTORYobject


Renames a table, view, or procedure


Selects rows from a table, view, sequence, or materialized view


Updates a table, view, or materialized view



If you wish to audit allINSERTandUPDATEcommands on theHR.JOBStable, regardless of who is doing the update, every time the action occurs, you can use theAUDITcommand as follows:

SQL> audit insert, update on hr.jobs by access whenever successful;
Audit successful.

>>> More Oracle Articles          >>> More By Apress Publishing

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Oracle Java Security Woes Continue
- Oracle's New IaaS Cloud Option: There's a Ca...
- Oracle Acquires Eloqua to Boost Cloud Presen...
- Choosing Innovation: Oracle Survey Insights
- Oracle Fixes Privilege Escalation Bug
- Oracle`s Communications Service Availability...
- Oracle Releases Exalytics, Taleo Plans
- Oracle Releases Communications Network Integ...
- Oracle Releases Communications Data Model 11...
- Oracle Releases PeopleSoft PeopleTools 8.52
- Oracle Integrates Cloudera Apache Distro, My...
- Oracle Releases MySQL 5.5.18
- Oracle Announces NoSQL Database Availability
- Sorting Database Columns With the SELECT Sta...
- Retrieving Table Data with the LIKE Operator

Developer Shed Affiliates


Dev Shed Tutorial Topics: