Exactly Subodh, there are single privileges just as good as being DBA, i.e. GRANT ANY ROLE, therefore you need to audit these are well as they are "potential DBA", also "all privileges" granted is just as good, also SYSDBA is just as good. You need to find the role via roles, i.e. use http://www.petefinnigan.com/who_has_role.sql and find via a heirarchy. You can audit the DBA role in one command - see http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_aud;action=display;num=1179990496 Auditing DBA's was discussed on my blog 7 years ago - http://www.petefinnigan.com/weblog/archives/00000039.htm cheers Pete Subodh Deshpande wrote: > indeed you should do it..and can do it..and there is one gotcha in it.. > the gotcha is if you are auditing the database then just finding out the > users who has been assigned dba role may not be sufficient..to avoid this I > will suggest..followings.. > 0) find out how many roles there in your database.. > 1) then find out which are grants and privs they have. > 2) then find out which user has given which roles > 3) then find out which users has given extra privileges other than these > roles.. > 4) and then start questioning why this is required.. > if your database has been migrated(mostly using export/import) from > previous releases..then it is likely that you will find many users they > have connect, resource dba roles, privileges..in 9.x > > > > On 10 November 2011 20:46, Bill Zakrzewski <bill@xxxxxxxxxxxx> wrote: > >> Environment: >> >> Oracle 9.2.0.8.0 >> HP-UX 11.11 >> >> >> We would like to audit all activities of the oracle users that have the >> DBA role granted. My initial thought was to create a logon trigger to >> check for the DBA role and turn auditing on for that particular session, >> but I do not believe that is an option. Any ideas? >> >> Thanks, >> Bill-- >> //www.freelists.org/webpage/oracle-l >> >> >> > > -- Pete Finnigan CEO and Founder PeteFinnigan.com Limited Specialists in database security. Makers of PFCLScan the database security auditing tool. Makers of PFCLObfuscate the tool to protect IPR in your PL/SQL If you need help to audit or secure an Oracle database, please ask for details of our training courses and consulting services Phone: +44 (0)1904 791188 Fax : +44 (0)1904 791188 Mob : +44 (0)7759 277220 email: pete@xxxxxxxxxxxxxxxx site : http://www.petefinnigan.com Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom Company No : 4664901 VAT No. : 940668114 Please note that this email communication is intended only for the addressee and may contain confidential or privileged information. The contents of this email may be circulated internally within your organisation only and may not be communicated to third parties without the prior written permission of PeteFinnigan.com Limited. This email is not intended nor should it be taken to create any legal relations, contractual or otherwise. -- //www.freelists.org/webpage/oracle-l