Re: AUDIT question
Date: Thu, 10 Nov 2011 14:38:41 -0500
Message-Id: <7F0580D9-30C4-49D8-9928-3338CE078975_at_intactus.com>
Thanks for all your responses. It is a requirement placed upon us by the security organization to audit all activities of users having the DBA role. I know this will cause additional overhead, but it is limited to a handful of users. I have been reading several documents and think I found the proper way to configure auditing for this scenario.
AUDIT ALL BY <dbauser1, dbauser2, etc> BY ACCESS;
Then I have to add....
AUDIT INSERT, UPDATE, DELETE, ALTER TABLE, EXECUTE PROCEDURE, etc. BY <dbauser1, dbauser2, etc> BY ACCESS;
Then when anyone grants DBA to a new user they will need to set up auditing for that particular user, just another step when creating privileged users.
The Oracle documents I was reading did not do a great job of illustrating how to audit actions of a single user, but some other websites supplied the necessary information. I also found out AUDIT ALL does not audit "all" :-)
Thanks again,
Bill
On Nov 10, 2011, at 1:57 PM, Powell, Mark wrote:
> Do you really need to audit DBA users? What about auditing actions such as audit table, audit view, audit procedure, etc ... so all create table, alter table, and drop table etc... have an audit record created for the action.
>
> You can also turn auditing on for user SYS activities.
>
> Between the two features above you get a manageable but pretty decent record of DDL actions.
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Bill Zakrzewski
> Sent: Thursday, November 10, 2011 10:17 AM
> To: oracle-l_at_freelists.org L
> Subject: AUDIT question
>
> Environment:
>
> Oracle 9.2.0.8.0
> HP-UX 11.11
>
>
> We would like to audit all activities of the Oracle users that have the DBA role granted. My initial thought was to create a logon trigger to check for the DBA role and turn auditing on for that particular session, but I do not believe that is an option. Any ideas?
>
> Thanks,
> Bill
> --
> http://www.freelists.org/webpage/oracle-l
Received on Thu Nov 10 2011 - 13:38:41 CST
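
The per-user setup described in the top message, as an added example that is not part of the original thread: a SQL*Plus script that generates the two AUDIT statements for every current holder of the DBA role and then lists DBA holders that still lack coverage. The file name audit_dba_users.sql and the choice of EXECUTE PROCEDURE as the option to test are assumptions; the options named in the message are written here in their statement-option spellings (INSERT TABLE, UPDATE TABLE, DELETE TABLE).

```sql
-- Added example (not from the thread). Run as a script in SQL*Plus by a user
-- who can query the DBA_* views. Assumes AUDIT_TRAIL is already enabled;
-- without it the AUDIT statements are accepted but no records are written.
SET ECHO OFF PAGESIZE 0 LINESIZE 200 FEEDBACK OFF HEADING OFF TRIMSPOOL ON

-- 1. Generate both AUDIT statements for every user that holds DBA,
--    directly or through another role (CONNECT BY walks nested grants).
--    Names are double-quoted so mixed-case usernames survive.
SPOOL audit_dba_users.sql
SELECT 'AUDIT ' || o.opts || ' BY "' || u.username || '" BY ACCESS;'
FROM   dba_users u,
       (SELECT 'ALL' AS opts FROM dual
        UNION ALL
        SELECT 'ALTER TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE, '
               || 'EXECUTE PROCEDURE' FROM dual) o
WHERE  u.username IN (SELECT grantee
                      FROM   dba_role_privs
                      START WITH granted_role = 'DBA'
                      CONNECT BY PRIOR grantee = granted_role)
ORDER  BY u.username, o.opts;
SPOOL OFF

-- 2. Review the generated file, then apply it:
--      @audit_dba_users.sql

-- 3. Coverage check to rerun later. Any row returned is a DBA holder whose
--    extra statement options were never set, for example a user granted
--    DBA after step 2 was last run.
SELECT u.username
FROM   dba_users u
WHERE  u.username IN (SELECT grantee
                      FROM   dba_role_privs
                      START WITH granted_role = 'DBA'
                      CONNECT BY PRIOR grantee = granted_role)
AND    NOT EXISTS (SELECT 1
                   FROM   dba_stmt_audit_opts a
                   WHERE  a.user_name    = u.username
                   AND    a.audit_option = 'EXECUTE PROCEDURE'
                   AND    a.success      = 'BY ACCESS'
                   AND    a.failure      = 'BY ACCESS');
```

Scheduling the step 3 query and alerting on any returned row removes the dependence on whoever grants DBA remembering the extra setup step.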