Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Fine-Grained Auditing OCP Question
I think the main point the question was trying to make is that one
uses FGA for "select" only. Therefore the first 3 choices are
immediately eliminated.
Choice d is obviously qualified. In dbms_fga.add_policy, salary would be the audit_column, employee would be the object_name, and executive title would be in audit_condition.
Choice e is also possible - by extending choice d a little. In audit_condition, you check who the querying user is by using SYS_CONTEXT. For example, you can create a user group id fuction like:
create or replace function groupid return number as
igrp number;
begin
select groupid into igrp from usergrp where
username=sys_context('userenv','session_user');
return igrp;
end;
it looks up a user table called usergrp which identifies the querying user as internal or external. Assuming that for this case, 1 is internal and 2 is external, you can specify audit_condition as
groupid=2;
for the Internet users who you want to track. Internal users will fail the audit condition and will therefore not be audited.
"Buck Turgidson" <jc_va_at_hotmail.com> wrote in message news:<Vbbba.147974$P1.8963177_at_news1.east.cox.net>...
> I am wrestling with the following question (which I got wrong), and
> would like some opinions. I chose a and d, but apparently the correct
> answer is d and e. How could you differentiate access between internal
> and external users?
>
> In which 2 situations would Fine-Grained Auditing be beneficial:
>
> You need to track all accesses of the EMPLOYEE table.
> You need to identify all users who updated the CUSTOMER table on a
> specific date.
> You want to be able to compare the before and after values of each
> update of the PRICE column of the PRODUCT table.
> You want to alert the Human Resources Administrator any time someone
> accesses an executive's salary in the EMPLOYEE table.
> You want to allow unaudited access to the CONTACT_ ADDRESS column of the
> CUSTOMER table from within your organization, but track any access to
> the CONTACT_ADDRESS column that occurs via the Internet.
Received on Tue Mar 11 2003 - 14:13:53 CST