OracleFGA细粒度审计

页面导航:首页 > 数据库 > oracle > OracleFGA细粒度审计

OracleFGA细粒度审计

来源: 作者: 时间:2016-01-29 09:07 【

如果你想要审计表上,在某个时间,哪些人,操作哪些DML语句,用FGA是个不错的选择。SQL select * from v$version;Oracle Database 11g Enterprise Edition Release 11 2 0 1 0 - 64bit Prod

如果你想要审计表上,在某个时间,哪些人,操作哪些DML语句,用FGA是个不错的选择。

SQL> select * from v$version;
Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for : Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production

SQL> exec DBMS_FGA.ADD_POLICY(object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1',enable=>TRUE,statement_types=>'UPDATE,delete',audit_trail=>DBMS_FGA.DB+DBMS_FGA.EXTENDED,audit_column_opts=>DBMS_FGA.ANY_COLUMNS);--

SQL> col SQL_TEXT format a80
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

SQL> update test set subobject_name=object_id where rownum=1;
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
update test set subobject_name=object_id where rownum=1 01-12月-14

SQL> update test set subobject_name=object_id where rownum<100;
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
update test set subobject_name=object_id where rownum<100 01-12月-14
update test set subobject_name=object_id where rownum=1 01-12月-14

SQL> delete from sys.fga_log$;
SQL> commit;
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

SQL>

还有让审计失效、激活、删除的方法:

exec DBMS_FGA.DISABLE_POLICY (object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');
exec DBMS_FGA.ENABLE_POLICY (object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');
exec DBMS_FGA.DROP_POLICY(object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');

官方文档的位置是:

Oracle? Database PL/SQL Packages and Types Reference 11g Release 2 (11.2) DBMS_FGA

Table 66-2 ADD_POLICY Procedure Parameters

Parameter Description Default Value

object_schema

The schema of the object to be audited. (If NULL, the current log-on user schema is assumed.)

NULL

object_name

The name of the object to be audited.

-

policy_name

The unique name of the policy.

-

audit_condition

A condition in a row that indicates a monitoring condition. NULL is allowed and acts as TRUE.

NULL

audit_column

The columns to be checked for access. These can include OLS hidden columns or object type columns. The default, NULL, causes audit if any column is accessed or affected.

NULL

handler_schema

The schema that contains the event handler. The default, NULL, causes the current schema to be used.

NULL

handler_module

The function name of the event handler; includes the package name if necessary. This function is invoked only after the first row that matches the audit condition in the query is processed. If the procedure fails with an exception, the user SQL statement will fail as well.

NULL

enable

Enables the policy if TRUE, which is the default.

TRUE

statement_types

The SQL statement types to which this policy is applicable: INSERT, UPDATE,DELETE, or SELECT only.

SELECT

audit_trail

Destination (DB or XML) of fine grained audit records. Also specifies whether to populate LSQLTEXT and LSQLBIND in fga_log$.

DB+EXTENDED

audit_column_opts

Establishes whether a statement is audited when the query referencesany column specified in the audit_column parameter or only when allsuch columns are referenced.

ANY_COLUMNS


Tags:

文章评论

最 近 更 新
热 点 排 行
Js与CSS工具
代码转换工具

<