
Re: fine grained access

From: Pete Finnigan <oracle_list_at_peterfinnigan.demon.co.uk>
Date: Wed, 02 Jul 2003 12:18:59 -0700
Message-ID: <F001.005C0ACD.20030702120032@fatcity.com>


Hi Arup,

LogMiner is fine for certain tasks but not for auditing everything. It has some deficiencies: it cannot be used in an MTS environment as it uses PGA memory, it doesn't fully support chained and migrated rows (fixed in 9i), it doesn't support selects (as they are not recorded in the redo prior to 9i), and it doesn't fully support objects or analysis of IOTs or clustered tables.

But I do agree with you that the best solution is to use regular audit or normal user triggers.

If the poster wants to use Fine Grained audit then there are a few links to some good documents on my site http://www.petefinnigan.com/orasec.htm that cover FGA.

kind regards

Pete

>However, FGA is a bit of an overkill in your case. It's typically the only
>solution for auditing the select statements. For changes
>(insert/update/delete), you could employ the regular auditing (AUDIT). That
>will tell you who changed something, but not what. To see the what, you
>could use log miner to unearth those statements with the data.
>

-- 
Pete Finnigan
email:[EMAIL PROTECTED]
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
Received on Wed Jul 02 2003 - 14:18:59 CDT
