A Simple Example
Let’s move on to show a simple example of using FGA. This example will demonstrate the basic features and functionality of FGA. Suppose that in the HR schema of the Human Resources departmental database I have defined the EMP table as follows:
SQL> DESC emp
Name Null? Type
----------------- -------- ------------
EMPID NOT NULL NUMBER(4)
EMPNAME VARCHAR2(10)
JOB VARCHAR2(9)
MGR NUMBER(4)
HIREDATE DATE
SALARY NUMBER(7,2)
COMM NUMBER(7,2)
DEPTNO NUMBER(2)To satisfy security and privacy requirements, I need to audit any queries against this table. We can’t use database triggers or traditional auditing, so I turn to FGA. My first step is to create a policy, which I can do using the ADD_POLICY program provided in DBMS_FGA as follows:
BEGIN
DBMS_FGA.add_policy (object_schema => 'HR',
object_name => 'EMP',
policy_name => 'EMP_SEL'
);
END;Tip
You will need to have EXECUTE privileges on the DBMS_FGA package or to be connected as a SYS account to run code like that shown in the preceding example.
The FGA policy, in general, controls how the statements executed against this table will be audited. It determines the conditions under which auditing should be triggered and the actions to be taken. In the preceding example, I create a policy called EMP_SEL and apply it to the table EMP under the schema HR. The policy name must be unique in the database instance. You can define up to 256 separate policies on a single table. Support for multiple policies gives you a high degree of ...