AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }
查看当前数据库审计:
SYS@hfdr>show parameter audit_trail
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string DB
可是更改audit_trail参数需要重启数据库,就可以使用细粒度审计(FGA:Fine Grained Auditing)来进行实现。
DBMS_FGA.ADD_POLICY(
object_schema IN VARCHAR2 DEFAULT NULL
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
audit_condition IN VARCHAR2 DEFAULT NULL,
audit_column IN VARCHAR2 DEFAULT NULL
handler_schema IN VARCHAR2 DEFAULT NULL,
handler_module IN VARCHAR2 DEFAULT NULL,
enable IN BOOLEAN DEFAULT TRUE,
statement IN SELECT,
audit_trail IN BINARY_INTEGER DEFAULT NULL,
audit_column_opts IN BINARY_INTEGER DEFAULT ANY_COLUMNS,
policy_owner IN VARCHAR2 DEFAULT NULL);
BEGIN
DBMS_FGA.ADD_POLICY(
object_schema => HR,
object_name => EMPLOYEES,
policy_name => chk_hr_employees,
audit_column => SALARY,
enable => TRUE,
statement_types => INSERT, UPDATE, SELECT, DELETE);
END;
/
ZHANGYUN@hfdr>select * from zy;
ID NAME ADDR
---------- -------------------- --------------------
1 zhangyu6 hefei
2 zhangyu4 hefei
3 zhangyu4444 hefei
4 zhangyu3 hefei
5 zhangyu2 hefei
6 zhangyu1 hefei
BEGIN
DBMS_FGA.ADD_POLICY(
object_schema => ZHANGYUN,
object_name => ZY,
policy_name => chk_zhangyun_zy,
audit_column => name,
enable => TRUE,
statement_types => INSERT, UPDATE, SELECT, DELETE);
END;
/
创建完之后验证创建是否成功
ZHANGYUN@hfdr>select policy_name from dba_audit_policies;
POLICY_NAME
------------------------------
CHK_ZHANGYUN_ZY
查看审计是否有效
ZHANGYUN@hfdr>select sql_text from dba_fga_audit_trail;
ZHANGYUN@hfdr>select * from zy where name=zhangyu1;
ID NAME ADDR
---------- -------------------- --------------------
6 zhangyu1 hefei
ZHANGYUN@hfdr>select * from zy;
ID NAME ADDR
---------- -------------------- --------------------
1 zhangyu6 hefei
2 zhangyu4 hefei
3 zhangyu4444 hefei
4 zhangyu3 hefei
5 zhangyu2 hefei
6 zhangyu1 hefei
ZHANGYUN@hfdr>select id from zy;
ID
----------
1
2
3
4
5
6
ZHANGYUN@hfdr>select id from zy where name=zhangyu1;
ID
----------
6
ZHANGYUN@hfdr>select sql_text from dba_fga_audit_trail;
SQL_TEXT
--------------------------------------------------------------------------------
select * from zy where name=zhangyu1
select * from zy
select id from zy where name=zhangyu1
DBMS_FGA.DROP_POLICY(
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name IVARCHAR2);
6.2 下面我们来删除已经创建的FGA审计
BEGIN
DBMS_FGA.DROP_POLICY(
object_schema => zhangyun,
object_name => zy,
policy_name => chk_zhangyun_zy);
END;
/
select policy_name from dba_audit_policies;
ZHANGYUN@hfdr>select sql_text from dba_fga_audit_trail;
SQL_TEXT
--------------------------------------------------------------------------------
select * from zy where name=zhangyu1
select * from zy
select id from zy where name=zhangyu1
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/129434.html
摘要:如何成为云中硬核牧羊人云堡垒机服务高效运维,让云主机不再成为落单的小羊企业运维场景难点,自检你中招了哪些企业运维账号众多企业运维的服务器数量众多,而维护人员数量有限,一个运维人员维护多台主机多个系统的现象普遍存在。 如何成为云中硬核牧羊人?云堡垒机服务高效运维,让云主机不再成为落单的小羊! 企业运维场景难点,自检你中招了哪些?• 企业运维账号众多企业运维的服务器数量众多,而维护人...
摘要:往期精选社区投稿和跨分片查询结果不一致案例分析自定义拆分算法配置解析使用指南开源分布式中间件快速入门指南配置解析社区活动如何获取全国场主题大会免费入场券 DBLE是基于开源项目MyCat发展的企业级开源分布式中间件,适用于高并发及TB级海量数据处理场景;江湖人送外号 MyCat Plus;其简单稳定,持续维护,良好的社区环境和广大的群众基础使DBLE得到了社区的大力支持。 DBLE项目...
阅读 1347·2023-01-11 13:20
阅读 1685·2023-01-11 13:20
阅读 1133·2023-01-11 13:20
阅读 1860·2023-01-11 13:20
阅读 4101·2023-01-11 13:20
阅读 2705·2023-01-11 13:20
阅读 1386·2023-01-11 13:20
阅读 3598·2023-01-11 13:20