- Activities from administrative users such as SYSDBA, SYSBACKUP, and SYSKM.
- The following audit-related activities are mandatorily audited:
CREATE AUDIT POLICY | AUDIT | EXECUTE of the DBMS_FGA PL/SQL package |
ALTER AUDIT POLICY | NOAUDIT | EXECUTE of the DBMS_AUDIT_MGMT PL/SQL package |
DROP AUDIT POLICY | Access to sensitive columns in the optimizer dictionary tables. | ALTER TABLE attempts on the AUDSYS audit trail table |
Top level statements by the administrative users SYS, SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSDG, and SYSKM, until the database opens | All user-issued DML statements on the SYS.AUD$ and SYS.FGA_LOG$ dictionary tables | Any attempts to modify the data or metadata of the unified audit internal table. SELECT statements on this table are not audited by default or mandatorily. |
All configuration changes that are made to Oracle Database Vault |
The audit information can be found in the view UNIFIED_AUDIT_TRAIL.
Documentation for Mandatory Unified Auditing in Oracle 12.2 can be found here