Oracle Tips by Burleson
Chapter 10 Oracle Grants
Auditing
begin
   -- Register a fine-grained auditing (FGA) policy on CLAIM_SCHEMA.CLAIMS
   dbms_fga.add_policy (
      object_schema => 'CLAIM_SCHEMA',
      object_name   => 'CLAIMS',
      policy_name   => 'LARGE_CLAIM'
   );
end;
/
This statement creates an FGA policy named
LARGE_CLAIM on the table claims. Note that this policy is different
from a policy defined in Virtual Private Database (VPD). Even though
both are called policies, VPD policies restrict the rows visible to
the users, whereas FGA policies define how the select statements are
recorded. They are very different concepts.
Another important point is that, as of Oracle 9i,
FGA policies define how auditing is done for
SELECT statements only, not for other statements. However, that is
hardly a problem, since the audit trails of other transactional
statements like INSERT, UPDATE and DELETE can be captured using
triggers.
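The trigger approach mentioned above, as an added example that is not code from the book: it records INSERT, UPDATE and DELETE on the claims table in a separate audit table. The names CLAIMS_DML_AUDIT and TRG_CLAIMS_DML_AUDIT and the columns CLAIM_ID and CLAIM_AMOUNT are assumptions made for illustration.

```sql
-- Added example: hypothetical audit table and trigger. The columns
-- CLAIM_ID and CLAIM_AMOUNT on CLAIMS are assumed, not taken from the book.
create table claim_schema.claims_dml_audit (
   audit_time    date          default sysdate not null,
   db_user       varchar2(30)  not null,
   os_user       varchar2(255),
   client_host   varchar2(255),
   operation     varchar2(6)   not null,   -- INSERT / UPDATE / DELETE
   claim_id      number,
   old_amount    number,
   new_amount    number
);

create or replace trigger claim_schema.trg_claims_dml_audit
after insert or update or delete on claim_schema.claims
for each row
declare
   l_operation varchar2(6);
begin
   -- Work out which DML statement fired the trigger
   if inserting then
      l_operation := 'INSERT';
   elsif updating then
      l_operation := 'UPDATE';
   else
      l_operation := 'DELETE';
   end if;

   -- Record who made the change, from where, and the before/after values
   insert into claim_schema.claims_dml_audit
      (audit_time, db_user, os_user, client_host,
       operation, claim_id, old_amount, new_amount)
   values
      (sysdate,
       sys_context('USERENV', 'SESSION_USER'),
       sys_context('USERENV', 'OS_USER'),
       sys_context('USERENV', 'HOST'),
       l_operation,
       nvl(:new.claim_id, :old.claim_id),   -- :new is NULL on DELETE
       :old.claim_amount,                   -- NULL on INSERT
       :new.claim_amount);                  -- NULL on DELETE
end;
/
```

The audit row is written in the same transaction as the DML, so it is rolled back together with it. Restrict privileges on the audit table and the trigger so that the audited users cannot modify or disable them.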
After this statement is executed, any select
statement on the claims table is audited. For instance, if JUDY
selects from this table as:
select * from claim_schema.claims;
the operation is audited. The audit records can
be seen by issuing:
-- FGA audit records are exposed through the DBA_FGA_AUDIT_TRAIL view
select db_user, os_user, policy_name,
       to_char(timestamp,'mm/dd/yyyy hh24:mi:ss'),
       sql_text
from dba_fga_audit_trail;
The above text is an excerpt from:
Oracle Privacy Security Auditing: The Final Word on Oracle Security