Home » RDBMS Server » Server Administration » CUSTOMIZED AUDITING
CUSTOMIZED AUDITING [message #201084] Thu, 02 November 2006 08:10
Messages: 17
Registered: October 2006
Junior Member
We are looking at solution alternatives for a 'customized auditing'requirement, whereby we with to log GRANT/REVOKE statements made. In addition to the columns that out-of-box Oracle auditing would provide through SYS.AUD$, and its associated views (eg: DBA_AUDIT_TRAIL), we wish to record 2 additional 'custom' attributes - (1) TicketID and(2) BusinessReason for making the privilege change. Our front-end
interface that issues the GRANTS and REVOKES provides for collecting the custom attribute values, which we currently 'store' by setting public property values in a package.Our initial idea was to write an After Insert trigger on SYS.AUD$, but ORA-04089 disallows this, and for good reason !!
We're now considering writing 'AFTER GRANT ON DATABASE' and 'AFTER REVOKE ON DATABASE' database event triggers. This certainly can be done. If possible, in addition to our TicketID and BusinessReason custom attributes, we'd like to record whatever columns are needed to allow for 'linking to' the associated SYS.AUD$ row that is written if appopriate Oracle auditing is turned on. In this way, we would have access to the detailed attributes captured in SYS.AUD$.

There are 2 fundamental questions:

1. Would the associated SYS.AUD$ rows be in the table at the time our database event triggers are being performed ?

2. What set of columns from SYS.AUD$ would support the 'linking' capability ?

Previous Topic: NoBody is there for MIgration
Next Topic: RAC instance name - Can i choose my OWN?
Goto Forum:

Current Time: Mon Aug 21 03:16:52 CDT 2017

Total time taken to generate the page: 0.02279 seconds