Re: Auditing when user set the role only

From: Jared Still <jkstill_at_gmail.com>
Date: Mon, 10 Aug 2009 10:13:50 -0700
Message-ID: <bf46380908101013p72a7cee2i7b7f76a21fca760_at_mail.gmail.com>

On Mon, Aug 10, 2009 at 9:01 AM, nilesh kumar <nileshkum_at_gmail.com> wrote:

> I have a requirement where in I need to audit every statement issued by a
> user who sets(enable) the role. I have granted the role to a particular set
> of users. If the user has not set the role then it should not audit. I
> thought of doing it by a trigger. But how do we come to know that the user
> has enabled a role or not. Is it also possible to do it without using the
> trigger??. Please advise, how to do this.
>
>

Is it correct to assume the following?

Users will only select from certain tables when the role is enabled?
Users will only perform DML on certain tables when the role is enabled?
Users have no access to certain tables unless the role is enabled?

If #3 is untrue, you may want to re-consider how permissions are granted.

If all 3 are true, then the role is mostly irrelevant for auditing purposes.

Just setup standard auditing on the objects in question. The users cannot select from them or perform DML unless the role is enabled.

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Aug 10 2009 - 12:13:50 CDT

This message: [ Message body ]
Next message: Jiang, Lu: "Actually PGA allocated > PGA_AGGREGATE_TARGET ?"
Previous message: Goulet, Richard: "RE: 11g deprecated parameter standby_archive_dest"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message