Auditing DBA privs

The Inspector General office is breathing down our necks here and is requesting that we audit all activities performed by anyone with DBAish role privs. We are currently on version 9i and are currently using the 'soon to be discontinued' DBA role.  

At first glance, it appears that this would be simple. I've started looking into this and have found that 'audit DBA on session' isn't going to do the trick because of the limitations/bugs in the execution of that statement. I guess that auditing DBA really isn't auditing everything that someone with the DBA role does. This is turning into the 300 lb gorilla.  

Anyway - I'm looking into setting up auditing for everything defined in the dba_sys_privs view that is granted to DBA. That should get a large majority of the specific DBAish commands, but it will also get 'create sequence', 'create view', etc. Those are not DBA specific roles and those are not commands that can only be executed by someone with DBA privileges. HHmm...  

Does anyone have experience in 9i auditing the commands of userids with DBA role assigned to them? Has anyone gone through this exercise before and is willing to share their experiences and pitfalls?  

I know that I'm potentially looking at a lot of data in the AUD$ table - managing it and reporting it is going to be a fun project in itself, but first things first.  

Thanks  

Steve Smith

Desk: 303-231-5499

Fax: 303-231-5696  

--
http://www.freelists.org/webpage/oracle-l