阅读笔记 dbms_fga 包的使用,对表设定审计策略

from 阅读笔记 dbms_fga 包的使用,对表设定审计策略

piner的文章: 
http://www.oracle.com.cn/thread-3582-1-162.html
http://www.oracle.com.cn/thread-1824-1-1.html

  使用dbms_fga包可以,审计表的Select语句,在特定的情况下，如果想跟踪一个表的Select语句已便于优化，使用这个包是非常好的;
  对于使用绑定变量的语句也能获取到变量值(DBA_FGA_AUDIT_TRAIL.SQL_BIND字段). DBMS_FGA包同普通审计与DML触发器一样，如果对过多的表进行审计，将会严重影响性能。

实验:
1) 建策略:
BEGIN 
dbms_fga.add_policy( object_schema => 'CRM2', 
         object_name => 'TMP_DETAIL', 
         policy_name => 'chk_test2', 
         audit_condition => 'STATUS=3', 
         audit_column => 'STATUS', 
         enable => TRUE ,
         handler_schema => 'CRM2',
         handler_module => 'SP_CHK_MYTABLE' ); 
END; 
/

2) 建表,存储过程 SP_CHK_MYTABLE:  
create table audit$proc (audtime date,loguser varchar2(64),audsid number, clientip varchar2(64),object_schema varchar2(64), object_name varchar2(64), policy_name varchar2(64));
CREATE or replace PROCEDURE sp_chk_mytable ( 
 p_object_schema VARCHAR2, 
 p_object_name   VARCHAR2, 
 p_policy_name   VARCHAR2) AS 
BEGIN 
 INSERT  INTO audit$proc (audtime,loguser,audsid, clientip,
     object_schema, object_name, policy_name ) 
 VALUES (sysdate,ora_login_user,userenv('SESSIONID'),
        sys_context('userenv','ip_address'),p_object_schema,p_object_name, p_policy_name ); 
        commit;
END sp_chk_mytable;

3) 
运行 select * from TMP_DETAIL where rownum<2; 触发审核策略;
查 audit$proc表,dba_fga_audit_trail视图; dbms_fga包自动带入sp_chk_mytable过程所需要的三个参数,audit$proc表的记录正确.

--参阅sql reference 文档,sys_context函数:
select 
sys_context('userenv','AUDITED_CURSORID'), 
sys_context('userenv','AUTHENTICATION_DATA'), 
sys_context('userenv','AUTHENTICATION_TYPE'), 
sys_context('userenv','BG_JOB_ID'), 
sys_context('userenv','CLIENT_IDENTIFIER'), 
sys_context('userenv','CLIENT_INFO'), 
sys_context('userenv','CURRENT_SCHEMA'), 
sys_context('userenv','CURRENT_SCHEMAID'), 
sys_context('userenv','CURRENT_SQL'), 
sys_context('userenv','CURRENT_USER'), 
sys_context('userenv','CURRENT_USERID'), 
sys_context('userenv','DB_DOMAIN'), 
sys_context('userenv','DB_NAME'), 
sys_context('userenv','EXTERNAL_NAME'), 
sys_context('userenv','FG_JOB_ID'), 
sys_context('userenv','GLOBAL_CONTEXT_MEMORY'), 
sys_context('userenv','HOST'), 
sys_context('userenv','INSTANCE'), 
sys_context('userenv','IP_ADDRESS'), 
sys_context('userenv','ISDBA'), 
sys_context('userenv','LANG'), 
sys_context('userenv','LANGUAGE'), 
sys_context('userenv','NETWORK_PROTOCOL'), 
sys_context('userenv','NLS_CALENDAR'), 
sys_context('userenv','NLS_CURRENCY'), 
sys_context('userenv','NLS_DATE_FORMAT'), 
sys_context('userenv','NLS_DATE_LANGUAGE'), 
sys_context('userenv','NLS_SORT'), 
sys_context('userenv','NLS_TERRITORY'), 
sys_context('userenv','OS_USER'), 
sys_context('userenv','PROXY_USER'), 
sys_context('userenv','PROXY_USERID'), 
sys_context('userenv','SESSION_USER'), 
sys_context('userenv','SESSION_USERID'), 
sys_context('userenv','SESSIONID'), 
sys_context('userenv','TERMINAL') ,
SYS_CONTEXT('USERENV','ENTRYID')
from dual;

p.s.

   以上实验带入 handler_module 的情况会造成表里面的status=3的记录都查询不到的情况,大致判断是查询语句跑进 过程里面去了. 现象是status=3的记录都被屏蔽了,去掉 handler_module 参数后正常.