Re: audit truncate?
- From: Rick Weiss <rweiss@xxxxxxxxx>
- To: granaman@xxxxxxx
- Date: Thu, 4 Apr 2013 15:16:28 -0600
My thought would be audit ALTER TABLE since alter is required permission
for TRUNCATE to occur
*Richard W Weiss*
Oracle DBA
Student Assistance Foundation
2500 Broadway
Helena, MT 59601
(406) 495-7356 Office
(406) 438-7007 Cell
rweiss@xxxxxxxxx
*The best way to predict your future is to create it.* --
*A<http://www.brainyquote.com/quotes/authors/c/c_s_lewis.html>
nonymous*
On Thu, Apr 4, 2013 at 3:10 PM, Don Granaman <granaman@xxxxxxx> wrote:
> I was wondering if anyone knows where this one came from, if it ever worked
> (perhaps only in some now-antiquated version), etc. I just discovered it
> (by accident) and I've been into Oracle auditing rather heavily for well
> over a decade.
>
>
> There seems to be a lot of bad information about auditing (in general and
> auditing truncation in particular) in the OTN forums. The short story is
> that if you want to audit truncation, the ONLY reliable method I know of is
> the shortcut "audit table". Some (including at least one Oracle ACE) seem
> to think that the answer is "audit truncate table", but that is not even
> valid syntax. "Audit truncate" is valid syntax, but seems to do absolutely
> nothing. No record in generated in either DBA_STMT_AUDIT_OPTS or
> DBA_PRIV_AUDIT_OPTS and it never generates an audit trail record - at least
> in my tests which include 9.2.0.4, 10.2.0.1, 10.2.0.5 and 11.2.0.3. Object
> auditing (e.g. audit all on SCOTT.EMP) never generates an audit record for
> truncation.
>
>
>
> Many recommend "audit DROP ANY TABLE" since that system privilege is
> required to truncate a table in another user's schema, however it only
> generates an audit trail record if the user issuing the statement actually
> has the DROP ANY TABLE privilege and attempts (successfully or
> unsuccessfully) to truncate a table in another user's schema - in other
> words IFF the privilege is actually possessed and needed.
>
>
>
> In anyone has any information to the contrary or (better) a repeatable test
> case that disproves any of the above, I would love to see it!
>
>
>
> -Don Granaman (OraSaurus)
>
>
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>
--
----------------------------------------------
This email and any files transmitted with may be confidential and are
intended solely for the use of the individual or entity to which they are
addressed. If you have received this email in error please notify the
sender immediately and delete this e-mail from your system. This message
may contain confidential information and the contents of this email are
strictly prohibited from being disseminated, distributed, printed or copied.
Student Assistance Foundation
2500 Broadway
Helena MT 59601
http://www.safmt.org
----------------------------------------------
--
//www.freelists.org/webpage/oracle-l
Other related posts:
