--更新参数文件,设置Audit等级 alter system set audit_trail=db,extended scope=spfile; --更新参数文件,开始Audit alter system set audit_sys_operations=TRUE scope=spfile; --设置需要Audit的操作(可以BY user 指定Audit的用户,可以只Audit特定操作 alter ,update,insert,select 等) audit delete,select on SIEBEL.S_SRV_REQ ; --查看Audit结果,由于抓取的SQL语句有变量,所以无法确定删除的行,但可以通过SCN对比来得到数据差异
重启数据库
select username,returncode,action_name,obj_name,TIMESTAMP,SCN,sql_text from dba_audit_trail where obj_name='S_SRV_REQ';
--查差集,拿上一步的SCN来对比得到删除的行 select row_id from SIEBEL.S_SRV_REQ as of scn 42145330498 MINUS select row_id from SIEBEL.S_SRV_REQ as of scn 42145330514;
--可以清空审计记录 truncate table aud$; --关闭表的审计 noaudit all on SIEBEL.S_SRV_REQ; noaudit delete on SIEBEL.S_SRV_REQ ; --更改参数文件,取消审计 alter system set audit_trail=none;
SIEBEL.S_ORG_EXT BY ACCESS; AUDIT SELECT,INSERT,DELETE,UPDATE ON SIEBEL.S_LST_OF_VAL BY ACCESS; AUDIT SELECT,INSERT,DELETE,UPDATE ON SIEBEL.S_POSTN BY ACCESS; AUDIT SELECT,INSERT,DELETE,UPDATE ON SIEBEL.S_USER BY ACCESS; AUDIT SELECT,INSERT,DELETE,UPDATE ON SIEBEL.S_APP_VIEW_RESP BY ACCESS;,SIEBEL.S_SRV_REQ BY ACCESS;
create or replace trigger preventdeletedServiceReq before delete on siebel.S_SRV_REQ for each row DECLARE Cur_User varchar(50); begin select user into Cur_User from dual; if Cur_User = 'SADMIN' then if deleting then raise_application_error(-200001,'不允许删除数据!'); dbms_output.PUT_LINE('不允许删除数据!'); end if; end if; end;
