from 阅读笔记 dbms_fga 包的使用,对表设定审计策略
piner的文章:
http://www.oracle.com.cn/thread-3582-1-162.html
http://www.oracle.com.cn/thread-1824-1-1.html
使用dbms_fga包可以,审计表的Select语句,在特定的情况下,如果想跟踪一个表的Select语句已便于优化,使用这个包是非常好的;
对于使用绑定变量的语句也能获取到变量值(DBA_FGA_AUDIT_TRAIL.SQL_BIND字段). DBMS_FGA包同普通审计与DML触发器一样,如果对过多的表进行审计,将会严重影响性能。
实验:
1) 建策略:
BEGIN
dbms_fga.add_policy( object_schema => 'CRM2',
object_name => 'TMP_DETAIL',
policy_name => 'chk_test2',
audit_condition => 'STATUS=3',
audit_column => 'STATUS',
enable => TRUE ,
handler_schema => 'CRM2',
handler_module => 'SP_CHK_MYTABLE' );
END;
/
2) 建表,存储过程 SP_CHK_MYTABLE:
create table audit$proc (audtime date,loguser varchar2(64),audsid number, clientip varchar2(64),object_schema varchar2(64), object_name varchar2(64), policy_name varchar2(64));
CREATE or replace PROCEDURE sp_chk_mytable (
p_object_schema VARCHAR2,
p_object_name VARCHAR2,
p_policy_name VARCHAR2) AS
BEGIN
INSERT INTO audit$proc (audtime,loguser,audsid, clientip,
object_schema, object_name, policy_name )
VALUES (sysdate,ora_login_user,userenv('SESSIONID'),
sys_context('userenv','ip_address'),p_object_schema,p_object_name, p_policy_name );
commit;
END sp_chk_mytable;
3)
运行 select * from TMP_DETAIL where rownum<2; 触发审核策略;
查 audit$proc表,dba_fga_audit_trail视图; dbms_fga包自动带入sp_chk_mytable过程所需要的三个参数,audit$proc表的记录正确.
--参阅sql reference 文档,sys_context函数:
select
sys_context('userenv','AUDITED_CURSORID'),
sys_context('userenv','AUTHENTICATION_DATA'),
sys_context('userenv','AUTHENTICATION_TYPE'),
sys_context('userenv','BG_JOB_ID'),
sys_context('userenv','CLIENT_IDENTIFIER'),
sys_context('userenv','CLIENT_INFO'),
sys_context('userenv','CURRENT_SCHEMA'),
sys_context('userenv','CURRENT_SCHEMAID'),
sys_context('userenv','CURRENT_SQL'),
sys_context('userenv','CURRENT_USER'),
sys_context('userenv','CURRENT_USERID'),
sys_context('userenv','DB_DOMAIN'),
sys_context('userenv','DB_NAME'),
sys_context('userenv','EXTERNAL_NAME'),
sys_context('userenv','FG_JOB_ID'),
sys_context('userenv','GLOBAL_CONTEXT_MEMORY'),
sys_context('userenv','HOST'),
sys_context('userenv','INSTANCE'),
sys_context('userenv','IP_ADDRESS'),
sys_context('userenv','ISDBA'),
sys_context('userenv','LANG'),
sys_context('userenv','LANGUAGE'),
sys_context('userenv','NETWORK_PROTOCOL'),
sys_context('userenv','NLS_CALENDAR'),
sys_context('userenv','NLS_CURRENCY'),
sys_context('userenv','NLS_DATE_FORMAT'),
sys_context('userenv','NLS_DATE_LANGUAGE'),
sys_context('userenv','NLS_SORT'),
sys_context('userenv','NLS_TERRITORY'),
sys_context('userenv','OS_USER'),
sys_context('userenv','PROXY_USER'),
sys_context('userenv','PROXY_USERID'),
sys_context('userenv','SESSION_USER'),
sys_context('userenv','SESSION_USERID'),
sys_context('userenv','SESSIONID'),
sys_context('userenv','TERMINAL') ,
SYS_CONTEXT('USERENV','ENTRYID')
from dual;
p.s.
以上实验带入 handler_module 的情况会造成表里面的status=3的记录都查询不到的情况,大致判断是查询语句跑进 过程里面去了. 现象是status=3的记录都被屏蔽了,去掉 handler_module 参数后正常.