Re: dbms_fga
Date: Thu, 3 Jan 2008 10:16:21 +0100
Message-ID: <00d801c84de9$4f7c3d00$0100a8c0@ltbir>
Hi Wojtek,
it's possible with "audit_condition" parameter:
SQL> truncate table fga_log$;
Table truncated.
SQL> exec dbms_fga.ADD_POLICY(-
object_schema=>'HR',- object_name=>'EMPLOYEES',- policy_name=>'FGA_EMP',-
audit_column => null,-
audit_condition=>'SYS_CONTEXT(''USERENV'',''OS_USER'') = ''test1'' ',- statement_types=>'SELECT',-
audit_trail=>DBMS_FGA.DB);
PL/SQL procedure successfully completed.
...
oracle_at_rhas1:~/ [orcl6] id
uid=102(oracle) gid=101(dba) groups=101(dba)
oracle_at_rhas1:~/ [orcl6] sqlplus system/manager SQL> select EMPLOYEE_ID from hr.employees where rownum<2;
EMPLOYEE_ID
100
SQL> select policy_name,object_name, statement_type, os_user, db_user from dba_fga_audit_trail;
no rows selected
SQL> exit
...
oracle_at_rhas1:~/ [orcl6] su - test1
Password:
...
[test1_at_rhas1 ~]$ sqlplus system/manager
SQL*Plus: Release 10.2.0.2.0 - Production on Thu Jan 3 10:03:50 2008
Copyright (c) 1982, 2005, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> !id
uid=500(test1) gid=500(test1) groups=500(test1)
SQL> select EMPLOYEE_ID from hr.employees where rownum<2;
EMPLOYEE_ID
100
SQL> select policy_name,object_name, statement_type, os_user, db_user from dba_fga_audit_trail;
POLICY_NAME OBJECT_NAME STATEME OS_USER DB_USER ------------------------------ --------------- ------- --------------- ------------------------------ FGA_EMP EMPLOYEES SELECT test1 SYSTEM
Best regards,
Robert
- Original Message ----- From: Wojciech Skrzynecki To: oracle-l_at_freelists.org Sent: Thursday, January 03, 2008 12:21 AM Subject: dbms_fga
Is it possible to audit only specifics "osuser" using dbms_fga package? If not can I monitor select statements on the table of some osuser?
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Jan 03 2008 - 03:16:21 CST