Uniform Auditing Trails
Oracle Database 10g helps you audit database
activities in a uniform manner by using a new uniform audit trail
for both standard and fine-grained audit log records.
DBMS_FGA package is used for administering
fine-grained audit policies. The ADD_POLICY procedure in the package
has a parameter AUDIT_COLUMN_OPTS which establishes whether a
statement is audited when the query references any column specified
in the AUDIT_COLUMN parameter or only when all such columns are
referenced. Possible values are: ANY_COLUMNS, ALL_COLUMNS.
You can view the new SCN and SQL text/bind variable
information only if you use the new AUDIT_TRAIL=DB_EXTENDED
specification in your initialization parameter file.
Enterprise User Auditing
When you use an LDAP-compliant directory like the
Oracle Internet Directory, your users are known as enterprise users.
Oracle Database 10g lets you audit the activities of the enterprise
users in the database.
Fine-Grained Auditing Enhancements
You can audit SELECT, INSERT, UPDATE, DELETE, and
MERGE statements.
You can provide more than one relevant column for
fine-grained auditing.
You can now use NULL fine-grained auditing policy
predicates.
Since fine-grained auditing imposes significant
SQL information overhead, you can avoid the writing of SQL text
and SQL bind information to LOBs.
FGA and DML Statements
Oracle will audit a DML statement with an FGA
policy defined on it if the data rows (old and new) qualify under
the policy predicate.
If you have a relevant column(s) in the security
policy, the DML statement will be audited only if it references
the column(s) and the data meets the FGA policy requirements.
Oracles FGA feature audits MERGE statements by
viewing the INSERT and DELETE statements in the MERGE statement as
individual statements. If there are applicable FGA policies for
the INSERT or UPDATE statement, Oracle will audit the MERGE
statement.
