audit truncate?
- From: "Don Granaman" <granaman@xxxxxxx>
- To: "'ORACLE-L'" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 4 Apr 2013 16:10:31 -0500
I was wondering if anyone knows where this one came from, if it ever worked
(perhaps only in some now-antiquated version), etc. I just discovered it
(by accident) and I've been into Oracle auditing rather heavily for well
over a decade.
There seems to be a lot of bad information about auditing (in general and
auditing truncation in particular) in the OTN forums. The short story is
that if you want to audit truncation, the ONLY reliable method I know of is
the shortcut "audit table". Some (including at least one Oracle ACE) seem
to think that the answer is "audit truncate table", but that is not even
valid syntax. "Audit truncate" is valid syntax, but seems to do absolutely
nothing. No record in generated in either DBA_STMT_AUDIT_OPTS or
DBA_PRIV_AUDIT_OPTS and it never generates an audit trail record - at least
in my tests which include 9.2.0.4, 10.2.0.1, 10.2.0.5 and 11.2.0.3. Object
auditing (e.g. audit all on SCOTT.EMP) never generates an audit record for
truncation.
Many recommend "audit DROP ANY TABLE" since that system privilege is
required to truncate a table in another user's schema, however it only
generates an audit trail record if the user issuing the statement actually
has the DROP ANY TABLE privilege and attempts (successfully or
unsuccessfully) to truncate a table in another user's schema - in other
words IFF the privilege is actually possessed and needed.
In anyone has any information to the contrary or (better) a repeatable test
case that disproves any of the above, I would love to see it!
-Don Granaman (OraSaurus)
--
//www.freelists.org/webpage/oracle-l
Other related posts:
