Home » RDBMS Server » Security » fine grained auditing (11g)
fine grained auditing [message #495978] Wed, 23 February 2011 10:31 Go to next message
Barbaros
Messages: 2
Registered: February 2011
Location: Columbus, Ohio
Junior Member
Hi,

I am trying to use FGA to find out how many rows are accessed from a table with identifiers. For example I may have a table with customer IDs; if a query touching our customer ID table gets less than certain number of records (let's say 20) and/or gets more than a number (say 1,000 or getting everything), I want to know about the query that triggered it, and I want to know how many records were used in the result set... in the first case I may suspect that someone is looking for specific records on my customers and I would like to prevent that...in the second case they may be trying to get all my records I may want to prevent that as well. Overall, I would like to monitor and control who is accessing how much data. In other words, I would like to know during a select from a table how many rows were returned; so I can prevent delivery of results if I need to.

Thanks in advance and have a great day
Barbaros
Re: fine grained auditing [message #495998 is a reply to message #495978] Wed, 23 February 2011 11:27 Go to previous messageGo to next message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Seems a homework on FGA for me, what did you try to do to fit this "need"?

Always post your Oracle version, with 4 decimals (or at least 2).

Regards
Michel
Re: fine grained auditing [message #496005 is a reply to message #495998] Wed, 23 February 2011 12:26 Go to previous messageGo to next message
Barbaros
Messages: 2
Registered: February 2011
Location: Columbus, Ohio
Junior Member
Currently, we are on 11gR1.. so far we tried intercepting the SQL statement using the FGA.. then we try to parse the SQL to find out what part of the query or sub query is accessing the records and we wrap that portion of the query into a count statement,.. but as one can guess this could get quite ugly as statements can get more complex.. do you know any futures of Oracle that we can use?.. we don't mind upgrading to R2, etc.

Another question, to my understanding FGA on SELECT intercepts the query before its executed and almost runs like a filter (for example: if column.value > 20, FGA filters the row), but FGA does not have a clear way to manipulate the outcome after the execution of the statement is completed, am I wrong?

thanks again, kind regards.
Barbaros
Re: fine grained auditing [message #496007 is a reply to message #496005] Wed, 23 February 2011 12:29 Go to previous message
Michel Cadot
Messages: 68624
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
No, you are correct, afaik.

Regards
Michel
Previous Topic: Autotrace for user account
Next Topic: how to hide password in script
Goto Forum:
  


Current Time: Thu Mar 28 07:26:00 CDT 2024