FGA
Dear all,
We hope that all are doing well.
I need your help, I want to configure FGA (fine-grained auditing) on synonym of a database. How can I configure it?
I know how to set up on tables and views, but do not know the same for synonyms.
Your will be appreciated, thanks in advance.
DB: 11.2.0.3
OS: rhel6.1
Kind regards.
You can not attach a FGA policy to a synonym.
Just activate it for the table/view referenced by the synonym.
Tags: Database
Similar Questions
-
Hello
preparation for my OCP I reached the audit chapter.
As far as I understand it FGA does'nt store the contents of 'before' the value changed, right?
If I need to do, that meens, I write triggers, I guess.This brings me to another question to you guys working on the front:
If I have as long as a DB administrator write triggers on the tables of a written request by a company 3, is this correct?
I would feel a little uncertain, wether I can "fool around" with ther objects.Concerning
Christian
Yes, see the section "when the triggers are necessary ' week 10: Oracle Database 10 g features Top 20 DBA
Do not know what is a '3' company, but I would like to know if anyone had wrong with my items. If you mean a third-party application provider, some are very particular stuff, possibly cancelling the contracts supported. Others are happy to wash their hands of it.
-
Hi gurus
I am stable the FGA and get below error.
ORA-28112: political function or package HR. POLICY_FUNC has error
What may be the reason for this, some time ago, he was working.ORA-28112 if SELECT results or DML is run on a table with associated policy function and the political function contains errors related to strategies.
Check your policty function, it is in the status "valid"?Concerning
INAM Bukhari
http://dbmentors.blogspot.com -
Can we use FGA (Fine grain audit) edition standard oracle?
Hi all
I am looking for your help.
I put audit_trail db setting and when I tried to add the policy by using BEGIN
DBMS_FGA.add_policy... it shows ORA-00439: feature not enabled no: refined audit
SQL > select version of $ v; *
BANNER
----------------------------------------------------------------
Oracle Database 10g Release 10.2.0.4.0 - Production 64-bit
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
AMT for Linux: release 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
SQL > select option $ v where PARAMETER in ('access control very specific', 'Fine grain audit'); *
VALUE OF THE PARAMETER
---------------------------------------------------------------- ----------------------------------------------------------------
FALSE fine-grained access control
Grain end FALSE audit
Thanks in advance :)
Published by: Oracle_2410 on August 9, 2011 03:00
Published by: Oracle_2410 on August 9, 2011 03:10
Published by: Oracle_2410 on August 9, 2011 03:13You are right.
The use of RLS is limited to tables of Portal metadata repository only when you use a standard edition.
I deleted the event line, maybe you can do the same thing.
Best regards
mseberg
Published by: mseberg on August 9, 2011 05:32
-
With the help of CAE/FGA columns specific null for all, but some users
I was read about VPD and - but there are many examples - I'm having a hard time to get together.
I have a table that - when most users select hand - they should get NULL in a specific column.
This column should only display a limited group of users as one value other than null.
Can someone help me with an example implementation of this?
Any help is appreciated.An excerpt from http://www.oracle-base.com/articles/10g/DatabaseSecurityEnhancements10g.php
CONN sys/password@db10g AS SYSDBA GRANT EXECUTE ON dbms_rls TO scott; CONN scott/tiger@db10g -- Create the policy function to restrict access to SAL and COMM columns -- if the employee is not part of the department 20. CREATE OR REPLACE FUNCTION pf_job (oowner IN VARCHAR2, ojname IN VARCHAR2) RETURN VARCHAR2 AS con VARCHAR2 (200); BEGIN con := 'deptno = 20'; RETURN (con); END pf_job; / -- Using the same policy function as before. BEGIN DBMS_RLS.ADD_POLICY (object_schema => 'scott', object_name => 'emp', policy_name => 'sp_job', function_schema => 'scott', policy_function => 'pf_job', sec_relevant_cols => 'sal,comm', sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS); END; / -- All rows are returned but the SAL and COMM values are only -- shown for employees in department 20. SELECT empno, ename, job, sal, comm FROM emp; EMPNO ENAME JOB SAL COMM ---------- ---------- --------- ---------- ---------- 7369 SMITH CLERK 10000 7499 ALLEN SALESMAN 7521 WARD SALESMAN 7566 JONES MANAGER 2975 7654 MARTIN SALESMAN 7698 BLAKE MANAGER 7782 CLARK MANAGER 7788 SCOTT ANALYST 3000 7839 KING PRESIDENT 7844 TURNER SALESMAN 7876 ADAMS CLERK 1100 EMPNO ENAME JOB SAL COMM ---------- ---------- --------- ---------- ---------- 7900 JAMES CLERK 7902 FORD ANALYST 3000 7934 MILLER CLERK 14 rows selected. -- Remove the policy function from the table. BEGIN DBMS_RLS.DROP_POLICY (object_schema => 'scott', object_name => 'emp', policy_name => 'sp_job'); END; /The function returns "deptno = 20" so no row corresponding to this condition will show the value of sal and comm, rest will display null value.
IN your case I suppose you want the user to the function that executes the query (select user to double), once you get the user to see if it is a user who is supposed to see the values of columns if yes return "1 = 1" in the case otherwise return "0 = 1".
-
Auditing (FGA) action "procedure".
Hi all!
I'll put in place an audit fine-grained in our test database.
I did it for all the tables, no problem.
But I can't understand how to procedures. I want the process of verification and packages in our database to get information, those that are carried out by our application.
Someone knows how to set up an audit of the procedure/package?
--------------------------
This is the syntax for implementing audit table.
Run DBMS_FGA. () ADD_POLICY
object_schema = > 'TRA '.
object_name = > "PERS."
POLICY_NAME = > "PERS."
statement_types = > "SELECT, INSERT, UPDATE, DELETE");Try with procedure_name AUDIT EXECUTE ON BY SESSION
-
political error of creation of the fga
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > DBMS_FGA. DB + EXTENDED,
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > DBMS_FGA. DB + EXTENDED,
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > DBMS_FGA. DB_EXTENDED,
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > DBMS_FGA. DB_EXTENDED,
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > ' DBMS_FGA. SCOPES '.
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > ' DBMS_FGA. SCOPES '.
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > DBMS_FGA. EXTENDED,
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > DBMS_FGA. EXTENDED,
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > DBMS_FGA + EXTENDED,.
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > DBMS_FGA + EXTENDED,.
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
audit_trail 12 = > "EXTENDED."
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > "EXTENDED."
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
audit_trail 12 = > "EXTENDED."
13 audit_column_opts = > dbms_fga.all_columns);
14 end;
15.
AUDIT_TRAIL = > "EXTENDED."
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_column_opts = > dbms_fga.all_columns);
13 end;
14.
audit_column_opts = > dbms_fga.all_columns);
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_COLUMN_OPTS" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by 'AUDIT_COLUMN_OPTS' continue.
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_trail = > ' DBMS_FGA. SCOPES '.
13 audit_column_opts = > "all_columns");
14 end;
15.
AUDIT_TRAIL = > ' DBMS_FGA. SCOPES '.
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_TRAIL" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by "AUDIT_TRAIL" continue.
SQL > statement_types = > "SELECT, UPDATE.
SP2-0734: order unknown beginning «statement_...» "- rest of line is ignored.
SQL >
SQL >
SQL > start
(2 dbms_fga.add_policy)
3 object_schema = > "SA."
object_name 4 = > "TABLE_CASE"
5 policy_name = > "SA_Audit"
6 audit_condition = > 'status = "A" '.
7 audit_column = > 'OBJID, S_TITLE, CASE_STATE2CONDITION. "
8 handler_schema = > "SA."
9 handler_module = > "FGA_HANDLER"
10 activate = > TRUE,
11 statement_types = > ' SELECT, UPDATE.
12 audit_column_opts = > "all_columns");
13 end;
14.
audit_column_opts = > "all_columns");
*
ERROR on line 12:
ORA-06550: line 12, column 1:
PLS-00103: encountered the symbol "AUDIT_COLUMN_OPTS" when awaits an of the
Next:
), * & = - + <>/ is mod remains not rem
< an exponent (*) > <>or! = or ~ = > = < = <>and or LIKE2_
LIKE4_ LIKEC_ between | Member of multiset SUBMULTISET_
The symbol ',' was replaced by 'AUDIT_COLUMN_OPTS' continue.
Help me please guys, I tried by all means,statement_types => ' SELECT, UPDATE.
You are missing a comma. You need a comma after the STATEMENT_TYPES parameter.
-
DBMS_FGA audit. DISABLE_POLICY
Dear Experts
I created a policy FGA. It works very well. I mean I can see a record of any select statement on the ground that I put under the protection of FGA.
But I can't find a way to check any DBMS_FGA. DISABLE_POLICY() operation on this policy? My concern is that I want to know which invalidates the policy in.
Thank you.
Concerning
JG
You must use the Standard audit for this:
SQL > create user vlad identified by vlad;
Created by the user.
SQL > grant connect, the DBA to vlad.
Grant succeeded.
SQL > check run on dbms_fga by access;
Verification succeeded.
SQL > delete from aud$;
2650 deleted rows.
SQL > conn vlad/vlad
Connected.
SQL > start
DBMS_FGA 2. () ADD_POLICY
object_schema 3-online "scott."
object_name-online "emp",.
4 5 policy_name-online "mypolicy1."
audit_condition 6 => ' sal<>
audit_column 7 => 'comm, sal',.
handler_schema => NULL,
8 9 handler_module => NULL,
10 activate-online TRUE,
11 statement_types => 'INSERT, updated',
12 audit_trail-online DBMS_FGA. XML + DBMS_FGA. EXTENDED,
13 audit_column_opts-online DBMS_FGA. ANY_COLUMNS);
14 end;
15.
PL/SQL procedure successfully completed.
SQL > start
DBMS_FGA. () DISABLE_POLICY
object_schema-online "scott."
object_name-online "emp",.
POLICY_NAME-online 'mypolicy1');
end;
/ 2 3 4 5 6 7
PL/SQL procedure successfully completed.
SQL > select username, action_name, obj_name dba_audit_trail where username = 'VLAD ';
USER NAME ACTION_NAME
------------------------------ ----------------------------
OBJ_NAME
--------------------------------------------------------------------------------
VLAD RUN THE PROCEDURE
DBMS_FGA
OPENING OF SESSION OF VLAD
VLAD RUN THE PROCEDURE
DBMS_FGA
You can set the DB audit trail, EXPANDED to capture the entire block pl/sql executed
-
anomaly last_archive_timestamp
Oracle 11.2.0.3 SE - One
Oracle Linux 5.6 x 86-64
This is an anomaly, I noticed while working with the dbms_audit_mgmt package.
In the following script, note that I am last_archive_timestamp of setting on all 4 types of audit trail, and I'm setting in exactly in the same way.
After setting it, I ask DBA_AUDIT_MGMT_LAST_ARCH_TS to display the results.
What I notice and cannot explain is that the time zone offsets are not the same. I would have liked them to be all GMT or all local, but it's a mix.
Oracle: Mysis$ cat doit.sql
place trimsp on off tab
Conn / as sysdba
Doit.lis OPH
set head off the coast of feedback to the wide
ALTER session set nls_date_format = 'DD-MON-YYYY HH24:MI:SS ";
--
made up his mind on the feedback on
BEGIN
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_AUD_STD, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_FGA_STD, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_OS, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_XML, TRUNC (SYSTIMESTAMP)-90);
END;
/
--
Col last_archive_ts to a36
Select audit_trail,
last_archive_ts
of DBA_AUDIT_MGMT_LAST_ARCH_TS
audit_trail order;
SPÖ off
output
And here is the result. Notice that two of the audit trails appear LAST_ARCHIVE_TS with a time difference of + 00:00 and the other two are - 05:00.
Oracle: Mysis$ cat doit.lis
PL/SQL procedure successfully completed.
AUDIT_TRAIL LAST_ARCHIVE_TS
-------------------- ------------------------------------
FGA AUDIT TRAIL 12.00.00.000000 MARCH 28 14: 00:00
28 MARCH 14 12.00.00.000000 AM OPERATING SYSTEM AUDIT TRAIL - 05:00
STANDARD 12.00.00.000000 AUDIT TRAIL MARCH 28 14: 00:00
AUDIT TRAIL OF XML 28 MARCH 14 12.00.00.000000 AM - 05:00
4 selected lines.
Hello
It is the expected behavior. The doc:
Procedure SET_LAST_ARCHIVE_TIMESTAMP
- The
last_archive_timemust be specified in universal time coordinated (UTC), when the audit trail types areAUDIT_TRAIL_AUD_STDorAUDIT_TRAIL_FGA_STD. This is because the database audit trail store timestamps in UTC. UTC is also known as Greenwich Mean Time (GMT).
- The
last_archive_timeshould be specified as the time local time zone when the types of audit trail areAUDIT_TRAIL_OSorAUDIT_TRAIL_XML. The time zone must be the time zone of the machine where the operating system or XML audit files were created. This is because operating system audit files are cleaned based on last Modification Timestamp property of the audit file. The value of property last Modification Timestamp is stored in the local time zone of the machine.
- The
-
Another audit trail is not purged.
Oracle 11.2.0.3 SE - One
Oracle Linux 5.6 x 86-64
I seem to have a problem very similar to that described in thread https://community.Oracle.com/thread/3574919
Went through the usual steps of moving tables to audit a dedicated TS and the initialization of audit management infrastructure. Working on 3 different databases on a test server, two work exactly as planned but the third (rman duplicate every weekend production) is not purge.
Here is the testimony of the installation. For display, I changed the names of database a simply DB1, DB2, DB3. Those designated as DB3 is the "enfant terrible".
SQL > select name from v$ database;
NAME
---------
DB1
1 selected line.
SQL > SET SERVEROUTPUT ON
SQL > START
2. IF DBMS_AUDIT_MGMT.is_cleanup_initialized (DBMS_AUDIT_MGMT. AUDIT_TRAIL_DB_STD) THEN
3 DBMS_OUTPUT.put_line ('YES');
4 SOMETHING ELSE
5 DBMS_OUTPUT.put_line ('NO');
6 END IF;
7 END;
8.
YES
PL/SQL procedure successfully completed.
SQL > SELECT * FROM dba_audit_mgmt_config_params;
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
STANDARD DB TABLESPACE AUDIT_TRAIL AUDIT AUDIT TRAIL
FGA DB TABLESPACE AUDIT_TRAIL AUDIT AUDIT TRAIL
AUDIT OF AUDIT FILE MAX TRAIL SIZE 10000 OS
CHECKING FILE MAX SIZE 10000 XML AUDIT TRAIL
AUDIT FILE MAX 5 YEARS AUDIT TRAIL OS
AUDIT FILE MAX 5 YEARS AUDIT TRAIL XML
DB AUDIT OWN LOT SIZE 10000 AUDIT STANDARD
DB AUDIT OWN LOT SIZE 10000 FGA AUDIT TRAIL
1000 OS OS OWN BATCH FILE AUDIT TRAIL SIZE
OS OWN BATCH FILE AUDIT TRAIL SIZE 1000 XML
DEFAULT CLEANUP INTERVAL 24 STANDARD AUDIT TRAIL
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
DEFAULT CLEANUP INTERVAL 24 FGA AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 OS AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 XML AUDIT TRAIL
14 selected lines.
SQL >
SQL > exit
< snip >
SQL > select name from v$ database;
NAME
---------
DB2
1 selected line.
SQL > SET SERVEROUTPUT ON
SQL > START
2. IF DBMS_AUDIT_MGMT.is_cleanup_initialized (DBMS_AUDIT_MGMT. AUDIT_TRAIL_DB_STD) THEN
3 DBMS_OUTPUT.put_line ('YES');
4 SOMETHING ELSE
5 DBMS_OUTPUT.put_line ('NO');
6 END IF;
7 END;
8.
YES
PL/SQL procedure successfully completed.
SQL > SELECT * FROM dba_audit_mgmt_config_params;
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
STANDARD DB TABLESPACE AUDIT AUDIT TRAIL
FGA DB TABLESPACE AUDIT AUDIT TRAIL
AUDIT OF AUDIT FILE MAX TRAIL SIZE 10000 OS
CHECKING FILE MAX SIZE 10000 XML AUDIT TRAIL
AUDIT FILE MAX 5 YEARS AUDIT TRAIL OS
AUDIT FILE MAX 5 YEARS AUDIT TRAIL XML
DB AUDIT OWN LOT SIZE 10000 AUDIT STANDARD
DB AUDIT OWN LOT SIZE 10000 FGA AUDIT TRAIL
1000 OS OS OWN BATCH FILE AUDIT TRAIL SIZE
OS OWN BATCH FILE AUDIT TRAIL SIZE 1000 XML
DEFAULT CLEANUP INTERVAL 24 STANDARD AUDIT TRAIL
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
DEFAULT CLEANUP INTERVAL 24 FGA AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 OS AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 XML AUDIT TRAIL
14 selected lines.
SQL >
SQL > exit
< snip >
SQL > select name from v$ database;
NAME
---------
GBP
1 selected line.
SQL > SET SERVEROUTPUT ON
SQL > START
2. IF DBMS_AUDIT_MGMT.is_cleanup_initialized (DBMS_AUDIT_MGMT. AUDIT_TRAIL_DB_STD) THEN
3 DBMS_OUTPUT.put_line ('YES');
4 SOMETHING ELSE
5 DBMS_OUTPUT.put_line ('NO');
6 END IF;
7 END;
8.
YES
PL/SQL procedure successfully completed.
SQL > SELECT * FROM dba_audit_mgmt_config_params;
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
STANDARD DB TABLESPACE AUDIT AUDIT TRAIL
FGA DB TABLESPACE AUDIT AUDIT TRAIL
AUDIT OF AUDIT FILE MAX TRAIL SIZE 10000 OS
CHECKING FILE MAX SIZE 10000 XML AUDIT TRAIL
AUDIT FILE MAX 5 YEARS AUDIT TRAIL OS
AUDIT FILE MAX 5 YEARS AUDIT TRAIL XML
DB AUDIT OWN LOT SIZE 10000 AUDIT STANDARD
DB AUDIT OWN LOT SIZE 10000 FGA AUDIT TRAIL
1000 OS OS OWN BATCH FILE AUDIT TRAIL SIZE
OS OWN BATCH FILE AUDIT TRAIL SIZE 1000 XML
DEFAULT CLEANUP INTERVAL 24 STANDARD AUDIT TRAIL
PARAMETER_NAME, PARAMETER_VALUE AUDIT_TRAIL
------------------------------ -------------------- --------------------
DEFAULT CLEANUP INTERVAL 24 FGA AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 OS AUDIT TRAIL
DEFAULT CLEANUP INTERVAL 24 XML AUDIT TRAIL
14 selected lines.
SQL >
SQL > exit
Here are the guts of the purge script
Conn / as sysdba
ALTER session set nls_date_format = 'DD-MON-YYYY HH24:MI:SS ";
Select the name,
SYSDATE RUN_TIME
from v$ database;
--
Select count (*) audit_recs,
min (timestamp) oldest.
Max (timestamp) new
of dba_audit_trail;
--
BEGIN
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_AUD_STD, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_FGA_STD, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_OS, TRUNC (SYSTIMESTAMP)-90);
DBMS_AUDIT_MGMT. SET_LAST_ARCHIVE_TIMESTAMP (DBMS_AUDIT_MGMT. AUDIT_TRAIL_XML, TRUNC (SYSTIMESTAMP)-90);
END;
/
--
BEGIN
DBMS_AUDIT_MGMT. CLEAN_AUDIT_TRAIL (DBMS_AUDIT_MGMT. AUDIT_TRAIL_ALL, TRUE);
END;
/
--
Select count (*) audit_recs,
min (timestamp) oldest.
Max (timestamp) new
of dba_audit_trail;
--
and here are the results of the problem child
Modified session.
NAME RUN_TIME
--------- --------------------
DB3 24 JUNE 2014 08:05:01
AUDIT_RECS MOST RECENT FORMER
---------- -------------------- --------------------
3535812 17 JUNE 2013 02:45:49 JUNE 24, 2014 08:01:33
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
AUDIT_RECS MOST RECENT FORMER
---------- -------------------- --------------------
3535812 17 JUNE 2013 02:45:49 JUNE 24, 2014 08:01:33
As usual, I'm sure I have forgotten any essential difference between the 'good' and 'bad', but it eludes me.
> but the third (rman duplicate every weekend production) is not purge.
If the DBID changed?
See footnote support Oracle #1431343.1
Hemant K Collette
-
Schedule of procedures of two or more in the same task?
Hello everyone,
I want to schedule a task using dbms_scheduler and I both procedures (one for serving newspapers AUD and the second for FGA). What is the best way to schedule only a single job that will run two procedures each month?
Thanks in advance
Honza
In my opinion create job like that is not good. Management jobs as this very uncomfortable. Because of this that I am recommended create a main proceeding and call this working procedure
----
Ramin Hashimzade
-
puzzled on the errors of export...
Oracle 11.2.0.4 on RHEL 6.4.
I'm an export datapump FULL running as a SYSTEM user and get the following errors.
I would also like to clarify that it is a database of repository SGD emo 12.1.0.3.
My basic command is:
$(ORACLE_HOME) / bin/expdp system / $SYSTÈME. FULL = Y \ Directory = ${ORACLE_SID} \ dumpfile=expdp_${ORACLE_SID}_FULL_${date}_%U.dmp.------
logfile = expdp_$ {ORACLE_SID} _FULL_$ {DATE} .log \ JOB_NAME = ${ORACLE_SID} _expdp_full_ {DATE} \ PARALLEL = 4 \ COMPRESSION = ALL \ FILE SIZE = 30G
When I run the above such as SYSTEM, and even if it has
EXPORT OF COMPLETE DATABASE
GLOBAL QUERY REWRITE
CREATE A MATERIALIZED VIEW
CREATE TABLE
UNLIMITED TABLESPACE
SELECT ANY TABLE
I have 55 privilege separate errors similar to: (even if I do not turn on any type of controls FGA - unless they are machines when setting up the repository of the WHO)
ORA-39181: only partial table data can be exported due to the control of access to grain on "SYSMAN_MDS". "" MDS_DEPENDENCIES ". . . exported "SYSMAN_MDS." "" MDS_DEPENDENCIES ". 0 KB 0 rows I also have the following error if I run export as SYS or SYSTEM.
Departure 'SYS '. "' omsrp_expdp_full_20140318_10_2 ': ' / * AS SYSDBA" FULL = directory = omsrp dumpfile=expdp_omsrp_FULL_20140318_10_23_%U.dmp expdp_omsrp_FULL_20140318_10_23.log = logfile JOB_NAME = omsrp_expdp_full_20140318_10_23 PARALLEL = COMPRESSION = FILESIZE ALL = 30 G 4
Current estimation using BLOCKS method...
> > > ORA-31642: failure of the following SQL statement:
BEGIN "SYS." "" DBMS_RULE_EXP_RULES ". SCHEMA_CALLOUT(:1,0,1,'11.02.00.04.00'); END;
ORA-01950: no privileges on tablespace 'SYSAUX.
And Yes, I have granted explicitly quota unlimited on SYSAUX SYS and SYSTEM times, but still get the error.
But at the end of export, it shows while it exported successfully without error.
Table main 'SYS '. "' omsrp_expdp_full_20140318_10_2 ' properly load/unloaded
******************************************************************************
For SYS.omsrp_expdp_full_20140318_10_2 dump file is:
/Backup/exports/omsrp/expdp_omsrp_FULL_20140318_10_23_01.dmp
/Backup/exports/omsrp/expdp_omsrp_FULL_20140318_10_23_02.dmp
/Backup/exports/omsrp/expdp_omsrp_FULL_20140318_10_23_03.dmp
/Backup/exports/omsrp/expdp_omsrp_FULL_20140318_10_23_04.dmp
Job 'SYS '. "' omsrp_expdp_full_20140318_10_2 ' completed Tue Mar 18 10:28:26 2014 elapsed 0 00:04:56
It left me speechless.
977635, user as SYS: GRANT EXEMPT ACCESS POLICY to THE SYSTEM. by IOM 11 GR 2: backup scheme and restoration using Data Pump utility Client (Doc ID 1492129.1) which States that,
- -
HTH - Mark D Powell.
-
Confusion of database verification
Hi all
11.2.0.1
Is there a grain end audit in 11g?
As the audit access level column, SELECT salary OF EMP.
I want to audit all users who access the salary of EMP table column.
Thank you
Petra k
f55237a7-2c38-4DB3-a7a3-1d77256f0730 wrote:
If SCOTT consulted the column SALARY of EMP he gets signed or verified.
But if STEVE do the same thing, it is not checked.
This means, it is necessary to add political FGA for the user to STEVE who must be reconfigured like this:
Start
() dbms_fga.add_policy
object_schema-online 'HR ',.
object_name-online "EMP",.
POLICY_NAME => "HR_EMP_DETAILS."
audit_column-online "PAY."
statement_types-online "SELECT."
audit_condition => 'USER is "STEVE" ',
);
end;
1 FGA fires only when at least one row is returned.
2.DBA_FGA_AUDIT_TRAIL view to access the FGA audit trail.
3 but be aware that FGA inserted several lines of audit, if statement_types is running in parallel. For this, you must do something like below:
Concerning
Girish Sharma
-
Get all the current statements for a table
Hi all
I would like to know if its possible to retrieve all select, insert, delete, instructions update for a table at a given time or for a period of approximately 10 seconds.
as something like that
Select username, ORDER MACHINE, SQL_ID, SQL_EXEC_START session $ v where sql_id in)
Select sql_id in v$ sql where sql_text like '% MYTABLENAME %');
I know there are several requests for this table, but with this query, I see only my own queries!
Why?Perhaps the best way is using audit or FGA. If you are looking for in the library cache, older statements do not exist. Depends or you install Grid Control/DB Console can help too but if you have the default values you have only one month.
HTH
Antonio NAVARRO -
Problem checking - column SQL_BIND
Hello
I come to you today because I have a problem with the Oracle audit function.
I set the server as follows:
ALTER SYSTEM SET AUDIT_TRAIL = db, extended field of APPLICATION = SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
Checking the SHOW PARAMETER:
AUDIT_TRAIL DB, extended
audit_sys_operations = true
(classic audit, no FGA)
Then, I put a check on my test table:
INSERT, DELETE, UPDATE VERIFICATION WE TEST. MYTABLE BY ACCESS WHEN SUCCESSFUL
At the launch of a statement like this:
Update test.mytable set name_user ="johan"where id_user = 102;
results have nothing on the SQ_BIND of DBA_AUDIT_OBJET column when the SQL_TEXT column is correctly classified.
My version of Oracle is 11.2.0.1.0 64bits.
You have an idea for this problem?
Thank you in advance.
(Sorry for my English, it is not my native language)Hello
Because you do not link variable in your update statement.
Try this, I hope it workVARIABLE test varchar2(10); EXEC :test := 'johan'; update test.mytable set name_user =:test where id_user =102;
Maybe you are looking for
-
Utility of fingerprinting Qosmio X 500 / 02G
Have only 1 user and obviously I am an administrator.At startup, I use fingerprints to open a session and have no probs. Even fingerprinting also autocompletes passwords etc. on IE pages. When I run the Toshiba fingerprint utility he sticks a request
-
cannot depend on an error code 0 x 80070422 firewall.
I can't turn on firewall Dungeon rceiving error code 0 x could 80070422 someone help me please. I really thank you not litrerate soome to explain really need computer...
-
Hello I just want to know, is it possible to update my graphics card? It is removable?
-
Help. After many trial and error with that I just humbly you using snatch clusters hair. *** Make a bootable DVD of Windows 7 Home Premium OEM disk image downloaded from Digital River. Q1: Can I activate it with the Windows 7 Home Premium product key
-
I have built this platform with the help of the owner of a store of 4 cumputer teir 2 years ago. We initially put Windows Vista 32 bit on the system to Vista 64 bit unstable atm. For 2 years, the computer worked like a dream. Last week I made a clean