For example, create a policy to audit the "create session" privilege:
create audit policy audit_cre_session privileges create session;
Start auditing of the policy:
audit policy audit_cre_session;
In the next example, I am creating a policy to audit DML statements on a specific table:
create audit policy audit_dml_emp actions delete on scott.emp, insert on scott.emp, update on scott.emp ;
Create a separate policy for auditing of queries against a specific table:
create audit policy audit_select_emp actions select on scott.emp ;
Finally, start auditing both policies:
audit policy audit_dml_emp;
audit policy audit_select_emp;
The results of the auditing can be observed through the unified_audit_trail view:
select audit_type, os_username, userhost, terminal, authentication_type, dbusername, client_program_name, event_timestamp, action_name, return_code, object_name, sql_text, system_privilege_used, unified_audit_policies from unified_audit_trail order by event_timestamp desc;
If you later need to modify a policy, use
alter audit policy audit_dml_emp drop actions delete on scott.emp;
To reverse your change back to its original state:
alter audit policy audit_dml_emp add actions delete on scott.emp;
12.2 documentation here
19c documentation here
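To confirm that the three policies above are defined and enabled as intended, and to reduce the audit trail to a per-user summary for scott.emp, the following queries can be used. This is an added example, not part of the original post; it assumes the policy names created above, a session allowed to read the audit views (for example through the AUDIT_VIEWER role), and an arbitrary 24-hour window.

```sql
-- Added example: verify the policies from this post and summarise their records.

-- 1. TRUE = pure unified auditing, FALSE = mixed mode
--    (unified audit policies are honoured in both modes).
select value
from   v$option
where  parameter = 'Unified Auditing';

-- 2. What each policy audits. After the "alter audit policy ... drop actions"
--    shown above, the DELETE row for AUDIT_DML_EMP disappears from this output.
select policy_name, audit_option, audit_option_type, object_schema, object_name
from   audit_unified_policies
where  policy_name in ('AUDIT_CRE_SESSION', 'AUDIT_DML_EMP', 'AUDIT_SELECT_EMP')
order  by policy_name, audit_option;

-- 3. Which of them are actually enabled. A policy that was created but never
--    started with "audit policy ..." is missing here and records nothing.
select policy_name, success, failure
from   audit_unified_enabled_policies
where  policy_name in ('AUDIT_CRE_SESSION', 'AUDIT_DML_EMP', 'AUDIT_SELECT_EMP')
order  by policy_name;

-- 4. Activity on SCOTT.EMP during the last 24 hours (window is an assumption),
--    grouped by database user, client host and statement type.
--    return_code <> 0 marks statements that ended with an ORA- error.
select dbusername,
       userhost,
       action_name,
       count(*)                                          as events,
       sum(case when return_code <> 0 then 1 else 0 end) as failed,
       min(event_timestamp)                              as first_seen,
       max(event_timestamp)                              as last_seen
from   unified_audit_trail
where  object_schema = 'SCOTT'
and    object_name   = 'EMP'
and    (   unified_audit_policies like '%AUDIT_DML_EMP%'
        or unified_audit_policies like '%AUDIT_SELECT_EMP%')
and    event_timestamp > systimestamp - interval '1' day
group  by dbusername, userhost, action_name
order  by events desc;
```

The unified_audit_policies column holds a comma-separated list of every policy that caused the record, which is why the filter uses like rather than an equality test.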