Re: AUDIT question
- From: Subodh Deshpande <deshpande.subodh@xxxxxxxxx>
- To: bill@xxxxxxxxxxxx
- Date: Fri, 11 Nov 2011 13:11:18 +0530
indeed you should do it..and can do it..and there is one gotcha in it..
the gotcha is if you are auditing the database then just finding out the
users who has been assigned dba role may not be sufficient..to avoid this I
will suggest..followings..
0) find out how many roles there in your database..
1) then find out which are grants and privs they have.
2) then find out which user has given which roles
3) then find out which users has given extra privileges other than these
roles..
4) and then start questioning why this is required..
if your database has been migrated(mostly using export/import) from
previous releases..then it is likely that you will find many users they
have connect, resource dba roles, privileges..in 9.x
On 10 November 2011 20:46, Bill Zakrzewski <bill@xxxxxxxxxxxx> wrote:
> Environment:
>
> Oracle 9.2.0.8.0
> HP-UX 11.11
>
>
> We would like to audit all activities of the oracle users that have the
> DBA role granted. My initial thought was to create a logon trigger to
> check for the DBA role and turn auditing on for that particular session,
> but I do not believe that is an option. Any ideas?
>
> Thanks,
> Bill--
> //www.freelists.org/webpage/oracle-l
>
>
>
--
=============================================
TRUTH WINS AT LAST, DO NOT FORGET TO SMILE TODAY
=============================================
--
//www.freelists.org/webpage/oracle-l
Other related posts:
