Re: dbms_fga
- From: "Robert Bialek" <bialekr@xxxxxxxxx>
- To: <wojciech.skrzynecki@xxxxxxxxx>
- Date: Thu, 3 Jan 2008 10:16:21 +0100
Hi Wojtek,
it's possible with "audit_condition" parameter:
SQL> truncate table fga_log$;
Table truncated.
SQL> exec dbms_fga.ADD_POLICY(-
object_schema=>'HR',-
object_name=>'EMPLOYEES',-
policy_name=>'FGA_EMP',-
audit_column => null,-
audit_condition=>'SYS_CONTEXT(''USERENV'',''OS_USER'') = ''test1'' ',-
statement_types=>'SELECT',-
audit_trail=>DBMS_FGA.DB);
PL/SQL procedure successfully completed.
...
oracle@rhas1:~/ [orcl6] id
uid=102(oracle) gid=101(dba) groups=101(dba)
oracle@rhas1:~/ [orcl6] sqlplus system/manager
SQL> select EMPLOYEE_ID from hr.employees where rownum<2;
EMPLOYEE_ID
-----------
100
SQL> select policy_name,object_name, statement_type, os_user, db_user from
dba_fga_audit_trail;
no rows selected
SQL> exit
...
oracle@rhas1:~/ [orcl6] su - test1
Password:
...
[test1@rhas1 ~]$ sqlplus system/manager
SQL*Plus: Release 10.2.0.2.0 - Production on Thu Jan 3 10:03:50 2008
Copyright (c) 1982, 2005, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> !id
uid=500(test1) gid=500(test1) groups=500(test1)
SQL> select EMPLOYEE_ID from hr.employees where rownum<2;
EMPLOYEE_ID
-----------
100
SQL> select policy_name,object_name, statement_type, os_user, db_user from
dba_fga_audit_trail;
POLICY_NAME OBJECT_NAME STATEME OS_USER DB_USER
------------------------------ --------------- ------- ---------------
------------------------------
FGA_EMP EMPLOYEES SELECT test1 SYSTEM
Best regards,
Robert
----- Original Message -----
From: Wojciech Skrzynecki
To: oracle-l@xxxxxxxxxxxxx
Sent: Thursday, January 03, 2008 12:21 AM
Subject: dbms_fga
Is it possible to audit only specifics "osuser" using dbms_fga package? If
not can I monitor select statements on the table of some osuser?
Other related posts:
