Re: Deleting from sys.aud$
Date: Thu, 24 Dec 2009 13:50:24 -0800 (PST)
On Dec 24, 5:29 pm, GaryA <garyi..._at_yahoo.com> wrote:
> I have found the cause of the discrepancies in the records counts
> after deleting records from sys.aud$, but I'm still at a loss as to
> the rationale behind it.
> When I connect "AS SYSDBA", I can delete all the records that meet the
> section criteria.
> When I do not connect "AS SYSDBA", the delete command deletes all the
> sys.aud$ records meeting the criteria EXCEPT those with action# = 7,
> which are audits records of other previous delete commands.
> At least I now know what I have to do to resolve this issue and delete
> the records I need to delete.
I think this is (more or less) documented behaviour, see e.g.:
The point is that audit entries for auditing SYS.AUD$ can not be deleted by "non-SYSDBA" users.
Quote from the link above: "DELETE, INSERT, UPDATE, and MERGE operations on SYS.AUD$ table are always audited, and such audit records are not allowed to be deleted."
Oracle related stuff blog:
Co-author of the forthcoming "OakTable Expert Oracle Practices" book: http://www.apress.com/book/view/1430226684 http://www.amazon.com/Expert-Oracle-Practices-Database-Administration/dp/1430226684 Received on Thu Dec 24 2009 - 15:50:24 CST