RE: DBA_STMT_AUDIT_OPTS versus DBA_PRIV_AUDIT_OPTS and SELECT ANY TABLE (Confused)

  • From: Don Granaman <DonGranaman@xxxxxxxxxxxxxxx>
  • To: "Christopher.Taylor2@xxxxxxxxxxxx" <Christopher.Taylor2@xxxxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Mon, 11 Mar 2013 12:21:06 -0500

Actually, almost all privilege and statement auditing shows up in both views.  
(I have no idea why though.)  The only auditing initiated by "audit select any 
table" is auditing the use of the 'SELECT ANY TABLE" system privilege.  It does 
NOT mean that selects are being audited against all tables, even for users 
without this system privilege.

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955  | Solutionary - Relevant 
| Intelligent | Security

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Christopher.Taylor2@xxxxxxxxxxxx
Sent: Monday, March 11, 2013 11:48 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: DBA_STMT_AUDIT_OPTS versus DBA_PRIV_AUDIT_OPTS and SELECT ANY TABLE 
(Confused)

Env: 10.2.0.4
It's my understanding that DBA_PRIV_AUDIT_OPTS audits the use of database 
privileges (such as SELECT ANY TABLE) and that DBA_STMT_AUDIT_OPTS audits 
particular statement types.

If this is true and I see SELECT ANY TABLE listed in BOTH views, does that mean 
that SELECTS on ANY TABLE are getting audited as it shows up in 
DBA_STMT_AUDIT_OPTS?

And selects done through the privilege SELECT ANY TABLE are being audited 
because it shows up in DBA_PRIV_AUDIT_OPTS?

There's a subtle difference in the above - it seems that SELECT ANY TABLE in 
DBA_STMT_AUDIT_OPTS might be showing that ALL selects are being audited, but 
I'm not sure that's true because I do *not* have SELECT TABLE being audited yet 
SELECTS are showing up in my audit logs (using OS db audit trail).

Thoughts?


Chris Taylor
Oracle DBA
Parallon IT&S


--
//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l


Other related posts: