Re: Deleting from sys.aud$

From: Randolf Geist <>
Date: Thu, 24 Dec 2009 13:50:24 -0800 (PST)
Message-ID: <>

On Dec 24, 5:29 pm, GaryA <> wrote:
> I have found the cause of the discrepancies in the records counts
> after deleting records from sys.aud$, but I'm still at a loss as to
> the rationale behind it.
> When I connect "AS SYSDBA", I can delete all the records that meet the
> section criteria.
> When I do not connect "AS SYSDBA", the delete command deletes all the
> sys.aud$ records meeting the criteria EXCEPT those with action# = 7,
> which are audits records of other previous delete commands.
> At least I now know what I have to do to resolve this issue and delete
> the records I need to delete.
> -Gary

I think this is (more or less) documented behaviour, see e.g.:

The point is that audit entries for auditing SYS.AUD$ can not be deleted by "non-SYSDBA" users.

Quote from the link above: "DELETE, INSERT, UPDATE, and MERGE operations on SYS.AUD$ table are always audited, and such audit records are not allowed to be deleted."


Oracle related stuff blog:

Co-author of the forthcoming "OakTable Expert Oracle Practices" book: Received on Thu Dec 24 2009 - 15:50:24 CST

Original text of this message