Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: complete auditing dba actions

Re: complete auditing dba actions

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: 19 Jul 2005 07:01:54 -0700
Message-ID: <1121781714.639459.131740@g43g2000cwa.googlegroups.com> 





What version of Oracle do you have?  Questions like this have version
specific answers.



Oracle built-in auditing can be used to capture the fact that DDL was
executed by a DBA.  With version 9+ you can audit the SYS id.



Combine the built-in audit feature with selected table trigger
auditing, RLS or VPD as it is also called, and database event triggers
can give you a reasonably decent audit trail.



The most important feature is to limit the number of DBA ID's created
and who has access to those ID's.  Application owner do not
automatically need to be a DBA.  Instead these ID's should just have
just the object creation privileges: create table, create view, create
procedure, and quotas necessary to do the job.  Developers should not
have access to the owner ID's in production.



HTH -- Mark D Powell --
Received on Tue Jul 19 2005 - 09:01:54 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US