- Activities from administrative users such as SYSDBA, SYSBACKUP, and SYSKM.
- The following audit-related activities are mandatorily audited:
| CREATE AUDIT POLICY | AUDIT | EXECUTE of the DBMS_FGA PL/SQL package |
| ALTER AUDIT POLICY | NOAUDIT | EXECUTE of the DBMS_AUDIT_MGMT PL/SQL package |
| DROP AUDIT POLICY | Access to sensitive columns in the optimizer dictionary tables. | ALTER TABLE attempts on the AUDSYS audit trail table |
| Top level statements by the administrative users SYS, SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM, until the database opens | All user-issued DML statements on the SYS.AUD$ and SYS.FGA_LOG$ dictionary tables | Any attempts to modify the data or metadata of the unified audit internal table. SELECT statements on this table are not audited by default or mandatorily. |
| All configuration changes that are made to Oracle Database Vault |
||
The audit information can be found in the view UNIFIED_AUDIT_TRAIL.
Documentation for Mandatory Unified Auditing in Oracle 12.2 can be found here
No comments:
Post a Comment