Re: Deleting from sys.aud$

From: Randolf Geist <mahrah_at_web.de>
Date: Thu, 24 Dec 2009 13:50:24 -0800 (PST)
Message-ID: <830170d4-cb4a-4489-8d66-f05876347290_at_d21g2000yqn.googlegroups.com>

On Dec 24, 5:29�pm, GaryA <garyi..._at_yahoo.com> wrote:
> I have found the cause of the discrepancies in the records counts
> after deleting records from sys.aud$, but I'm still at a loss as to
> the rationale behind it.
>
> When I connect "AS SYSDBA", I can delete all the records that meet the
> section criteria.
>
> When I do not connect "AS SYSDBA", the delete command deletes all the
> sys.aud$ records meeting the criteria EXCEPT those with action# = 7,
> which are audits records of other previous delete commands.
>
> At least I now know what I have to do to resolve this issue and delete
> the records I need to delete.
>
> -Gary

I think this is (more or less) documented behaviour, see e.g.:

http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/cfgaudit.htm#i1011521

The point is that audit entries for auditing SYS.AUD$ can not be deleted by "non-SYSDBA" users.

Quote from the link above: "DELETE, INSERT, UPDATE, and MERGE operations on SYS.AUD$ table are always audited, and such audit records are not allowed to be deleted."

Regards,
Randolf

Oracle related stuff blog:
http://oracle-randolf.blogspot.com/

Co-author of the forthcoming "OakTable Expert Oracle Practices" book: http://www.apress.com/book/view/1430226684 http://www.amazon.com/Expert-Oracle-Practices-Database-Administration/dp/1430226684 Received on Thu Dec 24 2009 - 15:50:24 CST

This message: [ Message body ]
Next message: Jonathan Lewis: "Re: PARTITION HASH INLIST -- QUERY"
Previous message: Ind-dba: "Re: PARTITION HASH INLIST -- QUERY"
Maybe in reply to: GaryA: "Deleting from sys.aud$"
Next in thread: hpuxrac: "Re: Deleting from sys.aud$"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message