Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: how to audit grant on object priviledges

Re: how to audit grant on object priviledges

From: Joe <nospam_at_joekaz.net>
Date: Fri, 30 Jul 2004 20:06:20 -0400
Message-ID: <zpBOc.19452$Wa.1013@fe11.usenetserver.com> 





On 07/30/2004 02:02 PM, Alan said:


> while I can do 'audit system grant' and/or 'audit grant on default',

> but they can't audit activities like 'grant select on <table>...' kind

> of object priv. Also I don't want to just audit obj priv on a user

> level, e.g. 'audit grant on scott.table...' but at a database level

> that can audit, for example, any 'grant select...' statements

> executed.

> 

> Does anyone know the syntax to audit grant on object priviledges?

> Thanks,

> Alan





AUDIT GRANT ON DEFAULT - this will enable auditing of grants on any 
new object created.   That is, you are making this the default for 
new objects.    But it doesn't affect any existing object.   For 
those, you have to do the audit statement for each object:
AUDIT GRANT ON SCHEMA.OBJECTNAME


You can generate those audit commands with a script - something like 
this, but change it to suit your needs:



spool aud.sql


select 'audit grant on '||owner||'.'||table_name||';' from dba_tables;




Just be sure to do both steps:  the individual audit commands to 
cover what already exists, and the 'audit grant on default' to cover 
new objects.



-- 
Joe
http://www.joekaz.net/


Received on Fri Jul 30 2004 - 19:06:20 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US