Re: access to dbms_fga package on shared server

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: Tue, 13 May 2008 08:26:57 -0700 (PDT)
Message-ID: <5188e2f3-610f-4f36-8a9e-9a6d95ff3a71@f36g2000hsa.googlegroups.com>


On May 12, 11:30 am, "fitzjarr..._at_cox.net" <orat..._at_msn.com> wrote:
> On May 12, 9:03 am, maxim2k <maxi..._at_gmail.com> wrote:
>
> > On 5/12/08 3:30 PM, fitzjarr..._at_cox.net wrote:
>
> > > I can only presume this access is through the schema owner.  Is this
> > > the ONLY account accessing this user's objects?
>
> > Yes, each customer has an Oracle user/schema.
>
> > > Which should not be an issue.  My question is this: if there is only
> > > ONE user account which can access these user objects what good does
> > > having execute privilege on dbms_fga provide?  This is used to provide
> > > Fine-Grained Access (fga) to database objects based upon a user id.
> > > If only ONE user id accesses these objects I can see no purpose in
> > > granting access to this package.
>
> > I think the customer needs to create an audit log of actions performed
> > over database objects. Is there a way to do that without using the
> > dbms_fga package?
>
> > Thanks.
>
> That depends upon what you want to accomplish with this audit trail;
> this may give you some ideas on how to proceed depending upon the
> desired result:
>
> http://oratips-ddf.blogspot.com/2006/05/audit-this.html
>
> David Fitzjarrell

Besides the native audit command and the FGA feature, you have the option of using table row triggers to insert a change row into a history/audit table whenever a base table row is changed. Applications can also be written to record change activity.

Which feature or method to use for capturing change data depends on the environment, the application, and the data. You might use the audit command to record DDL actions, row triggers to record detail data changes to specific tables, and FGA to filter what data users can see on a query against other tables, all within a single database.

HTH -- Mark D Powell -- Received on Tue May 13 2008 - 10:26:57 CDT
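
The row-trigger approach described in the message above, sketched for Oracle as an added example that is not part of the original thread. The `accounts` and `accounts_audit` tables, the sequence and the trigger name are hypothetical.

```sql
-- Added example: table, sequence and trigger names are hypothetical.
CREATE TABLE accounts (
  account_id NUMBER PRIMARY KEY,
  owner_name VARCHAR2(100) NOT NULL,
  balance    NUMBER(12,2) NOT NULL
);

CREATE SEQUENCE accounts_audit_seq;

-- One row per changed base-table row: who, when, from where, before/after values.
CREATE TABLE accounts_audit (
  audit_id    NUMBER PRIMARY KEY,
  changed_at  TIMESTAMP NOT NULL,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(255),
  client_host VARCHAR2(255),
  action      CHAR(1) CHECK (action IN ('I', 'U', 'D')),
  account_id  NUMBER NOT NULL,
  old_owner   VARCHAR2(100),
  new_owner   VARCHAR2(100),
  old_balance NUMBER(12,2),
  new_balance NUMBER(12,2)
);

CREATE OR REPLACE TRIGGER accounts_audit_trg
AFTER INSERT OR UPDATE OR DELETE ON accounts
FOR EACH ROW
DECLARE
  v_action CHAR(1);
BEGIN
  -- :OLD values are NULL on INSERT and :NEW values are NULL on DELETE.
  IF INSERTING THEN v_action := 'I';
  ELSIF UPDATING THEN v_action := 'U';
  ELSE v_action := 'D';
  END IF;
  INSERT INTO accounts_audit (audit_id, changed_at, db_user, os_user, client_host,
    action, account_id, old_owner, new_owner, old_balance, new_balance)
  VALUES (accounts_audit_seq.NEXTVAL, SYSTIMESTAMP,
    SYS_CONTEXT('USERENV', 'SESSION_USER'), SYS_CONTEXT('USERENV', 'OS_USER'),
    SYS_CONTEXT('USERENV', 'HOST'), v_action,
    NVL(:NEW.account_id, :OLD.account_id),
    :OLD.owner_name, :NEW.owner_name, :OLD.balance, :NEW.balance);
END;
/

-- Reviewing the trail in change order.
SELECT changed_at, db_user, action, account_id, old_balance, new_balance
FROM accounts_audit ORDER BY audit_id;
```

The audit row is written in the same transaction as the change, so it rolls back with it, and the trigger records DML only, not queries. When the audited schema's owner is also the only account using it, as in this thread, that owner can disable the trigger or edit the audit table, so the trail is a change history rather than a tamper-resistant record.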
