How Auditing Works
By default, from Oracle version 7.X on, the following sequence of events occurs when the database is created:
CATALOG.SQLis run and calls several other scripts.CATAUDIT.SQLis run as one of the scripts called fromCATALOG.SQL.The auditing views are created.
A public synonym is created for each of the auditing views.
Public access is granted to enable SELECT on each of the auditing views.
Thus, from the point in time when the database is created, the
ability for anyone to audit activities in the database exists. In the
case of USER_ audit views, as opposed to DBA_ audit views, the user
will only be permitted to view information in his own area and not be
able to see information in another user’s schema. The
CATAUDIT.SQL
script can be found in the
$ORACLE_HOME/RDMBS80/ADMIN directory on most
platforms. On an OpenVMS system, all of the “CAT” scripts
(Oracle-delivered scripts with the first three letters of the script
name “CAT”) can be found in the
ORA_ROOT:[RDBMS] directory.
The Auditing Views
The
auditing views require few resources prior to being activated.
However, since public is granted access to them, be
sure to protect them from tampering. Running the
CATAUDIT.SQL script will create the auditing
views shown in Table 10.1. Only the access to the
DBA_ views for auditing is granted to the SELECT_CATALOG_ROLE.
Table 10-1. Oracle Standard Auditing Views (from CATAUDIT.SQL)
|
Auditing View |
Description |
|---|---|
|
AUDIT_ACTIONS |
Description table for audit trail action ... |
Get Oracle Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
