Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
![]() |
![]() |
Home -> Community -> Usenet -> c.d.o.server -> Re: audit insert, delete, update on sys.aud$
DA Morgan wrote:
> Anurag Varma wrote:
>
>> :) Not that funny though. Its common to audit delete on sys.aud$ .... >> >> Anurag
Daniel,
If you audit delete on aud$. Then the record is placed in sys.aud$ itself. Now you might think that the user with delete privs on aud$ can delete that record .. well te user does, the attempt to delete will be logged.
Now he can then log in as sysdba and turn off auditing and delete all records from sys.aud$ .. then in that case the statements will be logged to the filesystem. And in the rare chance that you dont trust the sysdba, you can prevent him from deleting the audit files created in audit file destination.
In the FM:
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96521/audit.htm#1875
To Prem:
I do see the FM suggesting audit insert/update/delete on sys.aud$, so its
possible that attempts to insert using non-administrative account might
still be logged (I have not done testing regarding this)....
Anurag Received on Sat Apr 02 2005 - 07:29:16 CST
![]() |
![]() |