RE: Curious Audit Record
- From: "Hostetter, Jay M" <JHostetter@xxxxxxxxxxxxxxxxxxxx>
- To: "Kerber, Andrew W." <Andrew.Kerber@xxxxxxx>, "Oracle Discussion List" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 15 Nov 2007 14:35:09 -0500
Thanks Andrew. That is exactly what happened. I duplicated it in our
test database. The trigger was invalid due to database changes made
earlier in the day. This user was the first to hit the trigger, which
caused it to recompile. I was just thrown off by the "CREATE TRIGGER"
action in the audit trail.
Thanks,
Jay
________________________________
From: Kerber, Andrew W. [mailto:Andrew.Kerber@xxxxxxx]
Sent: Thursday, November 15, 2007 2:20 PM
To: Hostetter, Jay M; Oracle Discussion List
Subject: RE: Curious Audit Record
At a guess, the trigger compiled automatically when it was called by an
action that the user did. Probably generated a create or replace
command by forcing a compile.
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Hostetter, Jay M
Sent: Thursday, November 15, 2007 12:24 PM
To: Oracle Discussion List
Subject: Curious Audit Record
I have a DBA_AUDIT_TRAIL record that seems to indicate that a user
successfully created a trigger. However, that user only has the "CREATE
SESSION" system privilege, along with object privileges granted through
roles. I'm trying to figure out how this user created or modified the
trigger (which is in another schema). If I look at DBA_OBJECTS, I see
that the timestamps for the trigger (TIMESTAMP and LAST_DDL_TIME )
correspond to the time when this audit record was created. So it looks
like the user actually did modify the trigger (which was preexisting).
I couldn't find any audit records that would indicate that the user was
temporarily granted privileges either. I've tried creating/updating the
trigger in our corresponding test database, but I get the expected
errors (and audit records). Is there some bug that could possibly be
related to this? Am I missing some security loophole? I haven't had
much luck searching Metalink. Just curious if anybody else has run into
this.
We running 9.2.0.7 on AIX.
Thank you,
Jay
TIMESTAMP USERNAME RETURNCODE OWNER OBJ_NAME ACTION_NAME
COMMENT_TEXT
--------- ---------- ---------- -------- ------------
--------------------------- ------------------
14-NOV-07 CSR123 0 MDX TU_TELNO CREATE TRIGGER
UPDATE
**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use
of the individual or entity to which they are addressed and may contain
information that is privileged, proprietary and confidential. If you are not
the intended recipient, you may not use, copy or disclose to anyone the message
or any information contained in the message. If you have received this
communication in error, please notify the sender and delete this e-mail
message. The contents do not represent the opinion of D&E except to the extent
that it relates to their official business.
Other related posts:
