audit truncate?
Date: Thu, 4 Apr 2013 16:10:31 -0500
Message-ID: <003901ce3178$d75ac610$86105230$_at_cox.net>
I was wondering if anyone knows where this one came from, if it ever worked
(perhaps only in some now-antiquated version), etc. I just discovered it
(by accident) and I've been into Oracle auditing rather heavily for well
over a decade.
There seems to be a lot of bad information about auditing (in general and auditing truncation in particular) in the OTN forums. The short story is that if you want to audit truncation, the ONLY reliable method I know of is the shortcut "audit table". Some (including at least one Oracle ACE) seem to think that the answer is "audit truncate table", but that is not even valid syntax. "Audit truncate" is valid syntax, but seems to do absolutely nothing. No record in generated in either DBA_STMT_AUDIT_OPTS or DBA_PRIV_AUDIT_OPTS and it never generates an audit trail record - at least in my tests which include 9.2.0.4, 10.2.0.1, 10.2.0.5 and 11.2.0.3. Object auditing (e.g. audit all on SCOTT.EMP) never generates an audit record for truncation.
Many recommend "audit DROP ANY TABLE" since that system privilege is required to truncate a table in another user's schema, however it only generates an audit trail record if the user issuing the statement actually has the DROP ANY TABLE privilege and attempts (successfully or unsuccessfully) to truncate a table in another user's schema - in other words IFF the privilege is actually possessed and needed.
In anyone has any information to the contrary or (better) a repeatable test case that disproves any of the above, I would love to see it!
-Don Granaman (OraSaurus)
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Apr 04 2013 - 23:10:31 CEST