Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> RE: fine grained access
thanks all for your quick replies. I think i will write a few triggers to do
the trick.
<<Re: fine grained access>>
attached mail follows:
Hi Arup,
LogMiner is fine for certain tasks but not for auditing everything, it has some deficiencies such as it cannot be used in an MTS environment as it uses PGA memory, it doesn't fully support chained and migrated rows (fixed in 9i), doesn't support selects (as they are not recorded in the redo prior to 9i), doesn't fully support objects of analysis of IOT's or clustered tables.
But I do agree with you that the best solution is to use regular audit or normal user triggers.
If the poster wants to use Fine Grained audit then there are a few links to some good documents on my site http://www.petefinnigan.com/orasec.htm that cover FGA.
kind regards
Pete
>However, FGA is bit of an overkill in your case. It's typically the only
>solution for auditing the seelct statements. For changes
>(insert/update/delete), you could employ the regular auditing (AUDIT). that
>will tell you who changed something, but not what. To see the what, you
>could use log miner to unearth those statements with the data.
>
-- Pete Finnigan email:pete_at_petefinnigan.com Web site: http://www.petefinnigan.com - Oracle security audit specialists Book:Oracle security step-by-step Guide - see http://store.sans.org for details. -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Pete Finnigan INET: oracle_list_at_peterfinnigan.demon.co.uk Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: GKor_at_rdw.nl Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Thu Jul 03 2003 - 02:42:45 CDT