Re: Deleting from sys.aud$
Date: Thu, 24 Dec 2009 06:19:26 -0800 (PST)
Message-ID: <103b7313-f213-4cc7-8ff4-759dc477129b_at_j14g2000yqm.googlegroups.com>
On Dec 23, 3:49 pm, Mark D Powell <Mark.Powe..._at_hp.com> wrote:
> On Dec 23, 11:13 am, GaryA <garyi..._at_yahoo.com> wrote:
>
>
>
> > Hoping someone can explain why I am running into the issue seen
> > below. I do a select count(*) from sys.aud$ and get one number, but
> > when I do a delete using the same where condition I get a
> > substantially different number of records to be deleted.
>
> > *******************************
> > SQL> select count(*) from sys.aud$ where userid = 'MIKE1';
>
> > COUNT(*)
> > ----------
> > 33570
>
> > SQL> delete from sys.aud$ where userid = 'MIKE1';
>
> > 2 rows deleted.
>
<snip>
>
> > Thank you.
> > Gary
>
> Who are you connected as? Do you have sys auditing turned on? Do you
> have extended auditing turned on?
>
I have tried this connected as SYS, SYSTEM, and a user account with SELECT and DELETE privileges on SYS.AUD$. Sys auditing is false. Extended auditing is also off.
audit_sys_operations=FALSE
audit_trail=DB
> Did you query the dba_audit_trail to see if new audit rows were
> inserted because of your action to see what information these rows may
> show?
>
> Post your audit rules.
>
> HTH -- Mark D Powell --
I've discovered that if I connect "AS SYSDBA", I can delete the rows as expected. However, when I connect simply as "SYS", I get the results shown in the initial post. I'm now making an assumption that perhaps something has changed in regards to security on the AUD$ table between Oracle8 (where "AS SYSDBA" didn't seem to be required to delete the rows) and Oracle11.
-Gary Received on Thu Dec 24 2009 - 08:19:26 CST