Re: audit statement for tracking alter table?

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: Tue, 3 Jun 2008 10:13:30 -0700 (PDT)
Message-ID: <2b3dc72d-5694-4cbe-8d28-72143f26d6ac@d77g2000hsb.googlegroups.com>


On Jun 2, 7:12 pm, rgvguplb <rgvgu..._at_gmail.com> wrote:
> On May 30, 2:42 pm, DA Morgan <damor..._at_psoug.org> wrote:
>
>
>
> > AUDIT ALTER ANY TABLE BY ACCESS;
> > --
>
> Thanks. I tried this and it didn't work, however, I think there must
> be something wrong with my db. I tried it on another database (10gr2
> on windows) and it worked fine. So i'm guessing something is wrong
> with my 11g on rhel5.1 install.
>
> Anyway, it's enough for me that it works fine on my 10gr2 database.
> The 11g one is just for educational purposes anyway.
>
> And thanks for the suggestions regarding revoking the create/alter
> privileges in the production db. We're basically trying to see what we
> can do in terms of auditing as we don't have that enabled right now in
> our production db. The root problem is that we're quite a small shop,
> so i have dba access to the production system. Management thinks
> that's a bad idea, so we need to see what our options are. They want
> to be able to catch me if i alter any tables/procedures/packages and
> what not....
>
> my manager's also asked me to look into the fine grained auditing
> option to see if it's worth it to upgrade or not.
>
> How do other places handle developer access to production databases?
> Are people generally very strict with having no dba access for
> developers? what if you are a really small shop ( 1 or 2 person)?
>
> thanks again

1 - verify that cataudit runs as part of the catalog script on 11g (I expect it does but this was an optional script several releases back and you never know what Oracle development might leave out) 2 - did you verify the the setting of database parameter audit_trail ?

HTH -- Mark D Powell -- Received on Tue Jun 03 2008 - 12:13:30 CDT

Original text of this message