
Re: Fine Grained Auditing - Quick Question

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Mon, 24 May 2004 22:29:21 +0100
Message-ID: <7hFyi5AxkmsARxWb@peterfinnigan.demon.co.uk>


In article <40b1800a$0$31680$afc38c87_at_news.optusnet.com.au>, Howard J. Rogers <hjr_at_dizwell.com> writes
>Just a quick question (and I have read the doco but can't find an answer),
>but is there any way to clear the FGA audit trail *apart* from doing a
>delete from dba_fga_audit_trail??

Hi Howard,

The FGA audit trail is stored in SYS.FGA_LOG$ and delete on this table is allowed in the DELETE_CATALOG_ROLE like it is for SYS.AUD$. The privilege can be seen:-

who_can_access: Release 1.0.0.0.0 - Production on Mon May 24 22:03:34 2004
Copyright (c) 2004 PeteFinnigan.com Limited. All rights reserved.

NAME OF OBJECT TO CHECK       [USER_OBJECTS]: fga_log$
OWNER OF THE OBJECT TO CHECK          [USER]: sys
OUTPUT METHOD Screen/File                [S]: 
FILE NAME FOR OUTPUT              [priv.lst]: 
OUTPUT DIRECTORY [DIRECTORY  or file (/tmp)]: 

Checking object => SYS.FGA_LOG$


Object type is => TABLE (TAB)

        Privilege => DELETE is granted to =>
        Role => DELETE_CATALOG_ROLE (ADM = NO) which is granted to =>
                Role => DBA (ADM = YES) which is granted to =>
                        User => SYS (ADM = YES)
                        User => WKSYS (ADM = NO)
                        User => CTXSYS (ADM = NO)
                        User => SYSTEM (ADM = YES)
                User => SYS (ADM = YES)

PL/SQL procedure successfully completed.

For updates please visit http://www.petefinnigan.com/tools.htm

SQL>

This is on 9iR2. There are no delete privileges granted by default on DBA_FGA_AUDIT_TRAIL, just select privilege to a lot of users and roles. If you want to clear the trail then use delete and grant DELETE_CATALOG_ROLE to the user who needs to do it. Truncate should be quicker though if you just want to empty the trail.

hth

kind regards

Pete

-- 
Pete Finnigan
email:pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.
Received on Mon May 24 2004 - 16:29:21 CDT
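
The privilege chain shown in the reply above can also be reviewed with a plain dictionary query. This is an added example, not part of the original post and not the code of the who_can_access tool; it assumes the session can select from DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_ROLES, and the column aliases are chosen here for illustration.

```sql
-- Added example: who holds DELETE on SYS.FGA_LOG$, directly or via nested roles.
-- Run as a user with SELECT on the DBA_* dictionary views.
-- The inline view builds one edge list:
--   parent IS NULL  -> a direct object grant on SYS.FGA_LOG$
--   parent = a role -> that role has been granted to "child"
-- CONNECT BY then walks from each direct grantee down through the role
-- grants. Oracle rejects circular role grants, so the walk terminates.
SELECT LPAD(' ', 4 * (LEVEL - 1)) || e.child AS grantee,
       CASE
         WHEN e.child = 'PUBLIC' THEN 'PUBLIC'   -- a PUBLIC grant reaches every user
         WHEN EXISTS (SELECT 1
                        FROM dba_roles r
                       WHERE r.role = e.child) THEN 'ROLE'
         ELSE 'USER'
       END                                      AS grantee_type,
       e.adm                                    AS grant_or_admin_option,
       LEVEL                                    AS depth
  FROM (
        -- Direct DELETE grants on the FGA audit trail base table
        SELECT CAST(NULL AS VARCHAR2(30)) AS parent,
               grantee                    AS child,
               grantable                  AS adm
          FROM dba_tab_privs
         WHERE owner      = 'SYS'
           AND table_name = 'FGA_LOG$'
           AND privilege  = 'DELETE'
        UNION ALL
        -- Role-to-grantee edges (grantee may be a user or another role)
        SELECT granted_role,
               grantee,
               admin_option
          FROM dba_role_privs
       ) e
 START WITH e.parent IS NULL
CONNECT BY PRIOR e.child = e.parent;
```

Any grantee in the result beyond the accounts expected to maintain the audit trail is able to remove FGA records with a delete, so the output is worth comparing against the intended list of audit administrators.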
