RE: Curious Audit Record
- From: "Baumgartel, Paul" <paul.baumgartel@xxxxxxxxxxxxxxxxx>
- To: JHostetter@xxxxxxxxxxxxxxxxxxxx, "Kerber, Andrew W." <Andrew.Kerber@xxxxxxx>, "Oracle Discussion List" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 15 Nov 2007 15:53:34 -0500
I wonder why CREATE OR REPLACE and not ALTER TRIGGER...COMPILE?
Paul Baumgartel
CREDIT SUISSE
Information Technology
Securities Processing Databases Americas
One Madison Avenue
New York, NY 10010
USA
Phone 212.538.1143
paul.baumgartel@xxxxxxxxxxxxxxxxx
www.credit-suisse.com
________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Hostetter, Jay M
Sent: Thursday, November 15, 2007 2:35 PM
To: Kerber, Andrew W.; Oracle Discussion List
Subject: RE: Curious Audit Record
Thanks Andrew. That is exactly what happened. I duplicated it in our
test database. The trigger was invalid due to database changes made
earlier in the day. This user was the first to hit the trigger, which
caused it to recompile. I was just thrown off by the "CREATE TRIGGER"
action in the audit trail.
Thanks,
Jay
________________________________
From: Kerber, Andrew W. [mailto:Andrew.Kerber@xxxxxxx]
Sent: Thursday, November 15, 2007 2:20 PM
To: Hostetter, Jay M; Oracle Discussion List
Subject: RE: Curious Audit Record
At a guess, the trigger compiled automatically when it was called by an
action that the user did. Probably generated a create or replace
command by forcing a compile.
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Hostetter, Jay M
Sent: Thursday, November 15, 2007 12:24 PM
To: Oracle Discussion List
Subject: Curious Audit Record
I have a DBA_AUDIT_TRAIL record that seems to indicate that a user
successfully created a trigger. However, that user only has the "CREATE
SESSION" system privilege, along with object privileges granted through
roles. I'm trying to figure out how this user created or modified the
trigger (which is in another schema). If I look at DBA_OBJECTS, I see
that the timestamps for the trigger (TIMESTAMP and LAST_DDL_TIME )
correspond to the time when this audit record was created. So it looks
like the user actually did modify the trigger (which was preexisting).
I couldn't find any audit records that would indicate that the user was
temporarily granted privileges either. I've tried creating/updating the
trigger in our corresponding test database, but I get the expected
errors (and audit records). Is there some bug that could possibly be
related to this? Am I missing some security loophole? I haven't had
much luck searching Metalink. Just curious if anybody else has run into
this.
We running 9.2.0.7 on AIX.
Thank you,
Jay
TIMESTAMP USERNAME RETURNCODE OWNER OBJ_NAME ACTION_NAME
COMMENT_TEXT
--------- ---------- ---------- -------- ------------
--------------------------- ------------------
14-NOV-07 CSR123 0 MDX TU_TELNO CREATE TRIGGER
UPDATE
**DISCLAIMER This e-mail message and any files transmitted with it are
intended for the use of the individual or entity to which they are
addressed and may contain information that is privileged, proprietary
and confidential. If you are not the intended recipient, you may not
use, copy or disclose to anyone the message or any information contained
in the message. If you have received this communication in error, please
notify the sender and delete this e-mail message. The contents do not
represent the opinion of D&E except to the extent that it relates to
their official business.
==============================================================================
Please access the attached hyperlink for an important electronic communications
disclaimer:
http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html
==============================================================================
Other related posts:
