Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: how to audit grant on object priviledges
On 07/30/2004 02:02 PM, Alan said:
> while I can do 'audit system grant' and/or 'audit grant on default',
> but they can't audit activities like 'grant select on <table>...' kind
> of object priv. Also I don't want to just audit obj priv on a user
> level, e.g. 'audit grant on scott.table...' but at a database level
> that can audit, for example, any 'grant select...' statements
> executed.
>
> Does anyone know the syntax to audit grant on object priviledges?
> Thanks,
> Alan
AUDIT GRANT ON DEFAULT - this will enable auditing of grants on any new object created. That is, you are making this the default for new objects. But it doesn't affect any existing object. For those, you have to do the audit statement for each object: AUDIT GRANT ON SCHEMA.OBJECTNAME You can generate those audit commands with a script - something like this, but change it to suit your needs:
spool aud.sql
select 'audit grant on '||owner||'.'||table_name||';' from dba_tables;
Just be sure to do both steps: the individual audit commands to cover what already exists, and the 'audit grant on default' to cover new objects.
-- Joe http://www.joekaz.net/Received on Fri Jul 30 2004 - 19:06:20 CDT