oracle 数据库审计
今天是2013-12-15,上周一直处理was问题,今天继续研究oracle,记录一下学习笔记。
对于oracle审计有如下参数:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL>
其中audit_file_dest为审计日志路径,默认只记录简单的登录信息,如果想对sys用户进行详细 审计那么可以设置audit_sys_operations为true;
eg:
SQL> select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat);
ADDR SPID SID
---------------- ------------------------ ----------
0000000084CCB190 2661 58
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
SQL> !more /opt/app/oracle/admin/RHYS/adump/*2661*
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2661_20131215081951980023143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 37
Unix process pid: 2661, image: oracle@oracle-one (TNS V1-V3)
Sun Dec 15 08:19:52 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'
SQL>
审计sys用户操作记录:
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
SQL> startup force
ORACLE instance started.
Total System Global Area 626327552 bytes
Fixed Size 2255832 bytes
Variable Size 440402984 bytes
Database Buffers 180355072 bytes
Redo Buffers 3313664 bytes
Database mounted.
Database opened.
SQL>
SQL>
SQL>
SQL> set linesize 200
SQL> select * from scott.emp ;
no rows selected
SQL> select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat);
ADDR SPID SID
---------------- ------------------------ ----------
0000000084CBB6C8 2803 1
SQL> !more /opt/app/oracle/admin/RHYS/adump/*2803*
::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131203104828030790143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131203104828030790143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 0
Oracle process number: 23
Unix process pid: 2803, image: oracle@oracle-one (TNS V1-V3)
Tue Dec 3 10:48:28 2013 +08:00
LENGTH : '142'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[4] 'grid'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
DBID:[0] ''
::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131215082834058875143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_2803_20131215082834058875143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 22
Unix process pid: 2803, image: oracle@oracle-one (TNS V1-V3)
Sun Dec 15 08:28:34 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'
Sun Dec 15 08:29:06 2013 +08:00
LENGTH : '173'
ACTION :[19] 'ALTER DATABASE OPEN'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'
Sun Dec 15 08:29:40 2013 +08:00
LENGTH : '178'
ACTION :[24] 'select * from scott.emp '
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'
Sun Dec 15 08:29:53 2013 +08:00
LENGTH : '280'
ACTION :[125] 'select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat)'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '2745484551'
::::::::::::::
/opt/app/oracle/admin/RHYS/adump/RHYS_ora_5216_20131129172703752803143795.aud
::::::::::::::
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_5216_20131129172703752803143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 28
Unix process pid: 5216, image: oracle@oracle-one (TNS V1-V3)
Fri Nov 29 17:27:03 2013 +08:00
LENGTH : '155'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[0] ''
STATUS:[1] '0'
DBID:[10] '2745192666'
SQL>
可以看到该用户进行的操作全部记录下来。
SQL> r
1* select p.addr,p.spid,s.sid from v$process p join v$session s on p.addr=s.paddr and s.sid=(select distinct(sid) from v$mystat)
ADDR SPID SID
---------------- ------------------------ ----------
0000000084CBB6C8 2903 1
SQL> !more /opt/app/oracle/admin/RHYS/adump/*2903*
Audit file /opt/app/oracle/admin/RHYS/adump/RHYS_ora_3971_20131205162200142903143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
ORACLE_HOME = /opt/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: oracle-one
Release: 2.6.39-400.17.1.el6uek.x86_64
Version: #1 SMP Fri Feb 22 18:16:18 PST 2013
Machine: x86_64
Instance name: RHYS
Redo thread mounted by this instance: 1
Oracle process number: 30
Unix process pid: 3971, image: oracle@oracle-one (TNS V1-V3)
Thu Dec 5 16:22:00 2013 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/1'
STATUS:[1] '0'
DBID:[10] '2745484551'
注意到其他用户信息则无法审计。那么就需要看一下另一个参数:audit_trail
该参数具有如下值:
AUDIT_TRAIL = { none | os | db [, extended] | xml [, extended] }
none 表示不启用审计
os 表示审计文件信息在操作系统存储,这是oracle建议的
db 表示审计信息记录在sys.aud$视图中
db,extended 表示审计信息记录在sys.aud$视图中,其中包含sql text和sql bind
xml 表示在操作系统以xml格式记录审计日志
xml 表示在操作系统以xml格式记录审计日志,其中包含sql text和sql bind
其中这些审计信息可以通过查看dba_audit_trait以及aud$。
EG:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
SQL> show user
USER is "SYS"
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;
no rows selected
SQL> audit select table,update table,delete table,insert table by scott by access;
Audit succeeded.
SQL> grant select on dba_audit_trail to scott
2 ;
Grant succeeded.
SQL> conn scott/root
Connected.
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL>
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;
OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT
SQL>
本次是采用语句审计,还可以采用会话审计。http://docs.oracle.com/cd/E11882_01/server.112/e41084/statements_4007.htm#SQLRF53735
语句审计:
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
SQL>
SQL>
SQL> alter system set audit_trail=db,extended scope=spfile;
System altered.
SQL> startup force
ORACLE instance started.
Total System Global Area 626327552 bytes
Fixed Size 2255832 bytes
Variable Size 440402984 bytes
Database Buffers 180355072 bytes
Redo Buffers 3313664 bytes
Database mounted.
Database opened.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /opt/app/oracle/admin/RHYS/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB, EXTENDED
SQL>
SQL> conn scott/root
Connected.
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;
OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT
SQL> select * from dept where deptno=10;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;
OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn
o=10
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT
SQL> var n:=10
SQL> select os_username,username,timestamp,obj_name,ACTION_NAME,audit_option,sql_text,sql_bind from dba_audit_trail where owner='SCOTT' ORDER BY TIMESTAMP DESC;
OS_USERNAME USERNAME TIMESTAMP OBJ_NAME ACTION_NAME AUDIT_OPTION SQL_TEXT SQL_BIND
-------------------- ---------- --------- --------------- ---------------------------- -------------------- ------------------------------ ------------------------------
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn #1(0):
o=(:n)
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept where deptn
o=10
oracle SCOTT 15-DEC-13 DEPT SELECT select * from dept
oracle SCOTT 15-DEC-13 EMP SELECT
oracle SCOTT 15-DEC-13 DEPT SELECT
SQL>
对于数据库的审计视图可以进行查看:
SQL> col object_name for a50
SQL> r
1* select object_name,object_type from dba_objects where object_name like '%AUDIT%' and object_type in ('TABLE','VIEW')
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
AUDIT$ TABLE
STMT_AUDIT_OPTION_MAP TABLE
V_$XML_AUDIT_TRAIL VIEW
GV_$XML_AUDIT_TRAIL VIEW
AUDIT_ACTIONS TABLE
ALL_DEF_AUDIT_OPTS VIEW
USER_OBJ_AUDIT_OPTS VIEW
DBA_OBJ_AUDIT_OPTS VIEW
DBA_STMT_AUDIT_OPTS VIEW
DBA_PRIV_AUDIT_OPTS VIEW
DBA_AUDIT_TRAIL VIEW
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
USER_AUDIT_TRAIL VIEW
DBA_AUDIT_SESSION VIEW
USER_AUDIT_SESSION VIEW
DBA_AUDIT_STATEMENT VIEW
USER_AUDIT_STATEMENT VIEW
DBA_AUDIT_OBJECT VIEW
USER_AUDIT_OBJECT VIEW
DBA_AUDIT_EXISTS VIEW
SM$AUDIT_CONFIG VIEW
DBA_AUDIT_POLICIES VIEW
DBA_AUDIT_POLICY_COLUMNS VIEW
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
ALL_AUDIT_POLICIES VIEW
ALL_AUDIT_POLICY_COLUMNS VIEW
USER_AUDIT_POLICIES VIEW
USER_AUDIT_POLICY_COLUMNS VIEW
DBA_FGA_AUDIT_TRAIL VIEW
DBA_COMMON_AUDIT_TRAIL VIEW
DBA_AUDIT_MGMT_CONFIG_PARAMS VIEW
DBA_AUDIT_MGMT_LAST_ARCH_TS VIEW
DBA_AUDIT_MGMT_CLEANUP_JOBS VIEW
DBA_AUDIT_MGMT_CLEAN_EVENTS VIEW
REPCAT$_AUDIT_ATTRIBUTE TABLE
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
DBA_REPAUDIT_ATTRIBUTE VIEW
ALL_REPAUDIT_ATTRIBUTE VIEW
USER_REPAUDIT_ATTRIBUTE VIEW
REPCAT$_AUDIT_COLUMN TABLE
DBA_REPAUDIT_COLUMN VIEW
ALL_REPAUDIT_COLUMN VIEW
USER_REPAUDIT_COLUMN VIEW
KU$_AUDIT_VIEW VIEW
KU$_10_1_AUDIT_VIEW VIEW
KU$_AUDIT_OBJ_BASE_VIEW VIEW
KU$_AUDIT_OBJ_VIEW VIEW
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
KU$_AUDIT_DEFAULT_VIEW VIEW
KU$_PROC_AUDIT_VIEW VIEW
KU$_PROCOBJ_AUDIT_VIEW VIEW
KU$_PROCDEPOBJ_AUDIT_VIEW VIEW
MGMT_BCN_TXN_AUDIT TABLE
MGMT_AUDIT_MASTER TABLE
MGMT_AUDIT_DESTINATION TABLE
MGMT_AUDIT_LOGS TABLE
MGMT_AUDIT_CUSTOM_ATTRIBS TABLE
MGMT$ESA_AUDIT_SYSTEM_REPORT VIEW
MGMT$AUDIT_LOG VIEW
OBJECT_NAME OBJECT_TYPE
-------------------------------------------------- -------------------
WWV_FLOW_BUILDER_AUDIT_TRAIL TABLE
APEX_DEVELOPER_AUDIT_LOG VIEW
57 rows selected.
SQL>
audit sql_statement_clause [by user_name]|[by [session][access]] [whenever [not] successful]
审计用户操作by user_name
审计用户sql:by access 对每条语句进行审计重复的sql也审计
审计用户sql:by session 只对该session sql进行审计,去除重复sql
审计用户登录成功或是失败 whenever successful whenever not successful
查看dba_stmt_audit_opts了解哪些用户进行了语句审计。
权限审计:
audit privilege_name [by user_name]|[by [session][access]] [whenever [not] successful]
查看dba_priv_audit_opts了解哪些用户有哪些权限审计进行记录
对象审计
audit schema_object_clause on schema by [access][session] [whenerver [not] successful]
查看dba_obj_audit_opts了解哪些用户进行了对象审计。
eg:
SQL>
SQL> audit select,insert on scott.emp by session;
Audit succeeded.
SQL> truncate table aud$;
Table truncated.
SQL> select * from dba_obj_audit_opts;
OWNER OBJECT_NAME OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK
------------------------------ -------------------------------------------------- ----------------------- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
SCOTT EMP TABLE -/- -/- -/- -/- -/- -/- S/S -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
SQL>
SQL>
SQL>
SQL> noaudit select,insert on scott.emp;
Noaudit succeeded.
SQL> select * from dba_obj_audit_opts;
no rows selected
SQL>
取消审计使用noaudit
eg:
noaudit select table,insert table,delete table,update table by scott;
noaudit all privilege by scott;
在9i开始引入fga审计,使其审计更加精细可以对列行进行审计。其原理通过dbms_fga包进行实现,且记录在fga_log$中。
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_fga.htm#i1001938
SQL> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
POLICY_OWNER VARCHAR2 IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT
SQL>
eg:
SQL> BEGIN
2 DBMS_FGA.ADD_POLICY(
3 OBJECT_SCHEMA=>'SCOTT',
4 OBJECT_NAME=>'DEPT',
5 POLICY_NAME=>'EMP_AUDIT',
6 AUDIT_COLUMN=>'DEPTNO',
7 STATEMENT_TYPES=>'UPDATE');
8 END;
9 /
PL/SQL procedure successfully completed.
SQL>
SQL> CONN SCOTT/root
Connected.
SQL> select * from dept;
DEPTNO DNAME LOC
---------- -------------- -------------
10 ACCOUNTING NEW YORK
20 RESEARCH DALLAS
30 SALES CHICAGO
40 OPERATIONS BOSTON
SQL> update dept set deptno=50 where deptno=40;
1 row updated.
SQL> select sql_text from dba_fga_audit_trail;
SQL_TEXT
------------------------------
update dept set deptno=50 wher
e deptno=40
SQL>
SQL>
另外查看fga信息可以通过dba_fga_audit_trail进行查看,查看权限策略信息可以查看dba_audit_policies;
SQL> begin
2 dbms_fga.disable_policy(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7
8 /
PL/SQL procedure successfully completed.
SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,ENABLED FROM DBA_AUDIT_POLICIES;
OBJECT_SCHEMA OBJECT_NAME POLICY_OWNER POLICY_NAME ENA
------------------------------ -------------------------------------------------- ------------------------------ ------------------------------ ---
SCOTT DEPT SYS EMP_AUDIT NO
SQL> BEGIN
2 DBMS_FGA.ENABLE_POLICY(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7 /
PL/SQL procedure successfully completed.
SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,POLICY_COLUMN,ENABLED FROM DBA_AUDIT_POLICIES;
OBJECT_SCHEMA OBJECT_NAME POLICY_OWNER POLICY_NAME POLICY_COLUMN ENA
------------------------------ -------------------------------------------------- ------------------------------ ------------------------------ ------------------------------ ---
SCOTT DEPT SYS EMP_AUDIT DEPTNO YES
SQL>
SQL> BEGIN
2 DBMS_FGA.DROP_POLICY(
3 object_schema=>'SCOTT',
4 object_name=>'DEPT',
5 policy_name=>'EMP_AUDIT');
6 END;
7 /
PL/SQL procedure successfully completed.
SQL> COL OBJECT_NAME FOR A20
SQL> SELECT OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME,POLICY_COLUMN,ENABLED FROM DBA_AUDIT_POLICIES;
no rows selected
SQL>
另外对于audit_trail设置为os,需要在操作系统上进行日志设置。参考:http://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams016.htm#REFRN10263
That's all;