Both SQL statements and access to a particular
database object can be audited; the success or failure of the action (or both) can be recorded in
the audit trail table, SYS.AUD$, or in an O/S file if specified by the AUDIT_TRAIL initialization
parameter with a value of OS.
For each audited operation, Oracle creates an audit record with the username, the type of
operation that was performed, the object involved, and a timestamp. Various data dictionary
views, such as DBA_AUDIT_TRAIL and DBA_FGA_AUDIT_TRAIL, make interpreting the results
from the raw audit trail table SYS.AUD$ easier.
CAUTION
Excessive auditing on database objects can have an adverse effect
on performance. Start out with basic auditing on key privileges and
objects, and expand the auditing when the basic auditing has revealed
a potential problem.
Fine-grained Auditing
The fine-grained auditing capability that was introduced in Oracle9i and enhanced in both
Oracle 10g and Oracle 11g takes auditing one step further: Standard auditing can detect when a
select statement was executed on an EMPLOYEE table; fine-grained auditing will record an audit
record containing specific columns accessed in the EMPLOYEE table, such as the SALARY column.
Chapter 1: Getting Started with the Oracle Architecture 41
Fine-grained auditing is implemented using the DBMS_FGA package along with the data
dictionary view DBA_FGA_AUDIT_TRAIL. The data dictionary view DBA_COMMON_AUDIT_
TRAIL combines standard audit records in DBA_AUDIT_TRAIL with fine-grained audit records.
Pages:
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125