Oracle 12C -- Unified Auditing Policy
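2015-12-07 15:14 abce

1. An audit policy is a set of audit options used to audit database users.
2. Creating an audit policy (create audit policy ...) requires having been granted the audit_admin role.
3. Audit policies can be created at the CDB level or at the PDB level.
4. An audit policy takes effect only after it has been enabled. Standard, non-policy auditing is not affected by enable/disable.
5. When creating an audit policy you must specify system-level or object-level audit options.
- System level:
The privilege audit option audits all events that use the named system privilege; the action audit option audits the database operations that need to be audited, such as alter trigger; the role audit option audits the privileges granted directly to the role (mgr_role, for example).
The privilege, action and role options can be combined in the same policy. The available system-level audit options can be looked up in the sys.auditable_system_actions table.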
```sql
SQL> create audit policy audit_mixed_po01 privileges drop any table roles emp_role;

SQL> select * from sys.auditable_system_actions;

TYPE COMPONENT        ACTION NAME
---- ---------------- ------ ------------------------------
   4 Standard              1 CREATE TABLE
   4 Standard              2 INSERT
   4 Standard              3 SELECT
   4 Standard              4 CREATE CLUSTER
   4 Standard              5 ALTER CLUSTER
   4 Standard              6 UPDATE
   4 Standard              7 DELETE
   4 Standard              8 DROP CLUSTER
   4 Standard              9 CREATE INDEX
   4 Standard             10 DROP INDEX
   4 Standard             11 ALTER INDEX
   4 Standard             12 DROP TABLE
   4 Standard             13 CREATE SEQUENCE
   4 Standard             14 ALTER SEQUENCE
   4 Standard             15 ALTER TABLE
   4 Standard             16 DROP SEQUENCE
   4 Standard             19 CREATE SYNONYM
   4 Standard             20 DROP SYNONYM
   4 Standard             21 CREATE VIEW
   4 Standard             22 DROP VIEW
   4 Standard             23 VALIDATE INDEX
   4 Standard             24 CREATE PROCEDURE
   4 Standard             25 ALTER PROCEDURE
   4 Standard             26 LOCK TABLE
   4 Standard             28 RENAME
   4 Standard             29 COMMENT
   4 Standard             32 CREATE DATABASE LINK
   4 Standard             33 DROP DATABASE LINK
   4 Standard             35 ALTER DATABASE
   4 Standard             36 CREATE ROLLBACK SEGMENT
   4 Standard             37 ALTER ROLLBACK SEGMENT
   4 Standard             38 DROP ROLLBACK SEGMENT
   4 Standard             39 CREATE TABLESPACE
   4 Standard             40 ALTER TABLESPACE
   4 Standard             41 DROP TABLESPACE
   4 Standard             42 ALTER SESSION
   4 Standard             43 ALTER USER
   4 Standard             44 COMMIT
   4 Standard             45 ROLLBACK
   4 Standard             46 SAVEPOINT
   4 Standard             48 SET TRANSACTION
   4 Standard             49 ALTER SYSTEM
   4 Standard             50 EXPLAIN
   4 Standard             51 CREATE USER
   4 Standard             52 CREATE ROLE
   4 Standard             53 DROP USER
   4 Standard             54 DROP ROLE
   4 Standard             55 SET ROLE
   4 Standard             56 CREATE SCHEMA
   4 Standard             58 ALTER TRACING
   4 Standard             59 CREATE TRIGGER
   4 Standard             60 ALTER TRIGGER
   4 Standard             61 DROP TRIGGER
   4 Standard             62 ANALYZE TABLE
   4 Standard             63 ANALYZE INDEX
   4 Standard             64 ANALYZE CLUSTER
   4 Standard             65 CREATE PROFILE
   4 Standard             66 DROP PROFILE
   4 Standard             67 ALTER PROFILE
   4 Standard             68 DROP PROCEDURE
   4 Standard             70 ALTER RESOURCE COST
   4 Standard             71 CREATE MATERIALIZED VIEW LOG
   4 Standard             72 ALTER MATERIALIZED VIEW LOG
   4 Standard             73 DROP MATERIALIZED VIEW LOG
   4 Standard             74 CREATE MATERIALIZED VIEW
   4 Standard             75 ALTER MATERIALIZED VIEW
   4 Standard             76 DROP MATERIALIZED VIEW
   4 Standard             77 CREATE TYPE
   4 Standard             78 DROP TYPE
   4 Standard             79 ALTER ROLE
   4 Standard             80 ALTER TYPE
   4 Standard             81 CREATE TYPE BODY
   4 Standard             82 ALTER TYPE BODY
   4 Standard             83 DROP TYPE BODY
   4 Standard             84 DROP LIBRARY
   4 Standard             85 TRUNCATE TABLE
   4 Standard             86 TRUNCATE CLUSTER
   4 Standard             88 ALTER VIEW
   4 Standard             90 SET CONSTRAINTS
   4 Standard             91 CREATE FUNCTION
   4 Standard             92 ALTER FUNCTION
   4 Standard             93 DROP FUNCTION
   4 Standard             94 CREATE PACKAGE
   4 Standard             95 ALTER PACKAGE
   4 Standard             96 DROP PACKAGE
   4 Standard             97 CREATE PACKAGE BODY
   4 Standard             98 ALTER PACKAGE BODY
   4 Standard             99 DROP PACKAGE BODY
   4 Standard            157 CREATE DIRECTORY
   4 Standard            158 DROP DIRECTORY
   4 Standard            159 CREATE LIBRARY
   4 Standard            160 CREATE JAVA
   4 Standard            161 ALTER JAVA
   4 Standard            162 DROP JAVA
   4 Standard            163 CREATE OPERATOR
   4 Standard            164 CREATE INDEXTYPE
   4 Standard            165 DROP INDEXTYPE
   4 Standard            166 ALTER INDEXTYPE
   4 Standard            167 DROP OPERATOR
   4 Standard            168 ASSOCIATE STATISTICS
   4 Standard            169 DISASSOCIATE STATISTICS
   4 Standard            170 CALL METHOD
   4 Standard            171 CREATE SUMMARY
   4 Standard            172 ALTER SUMMARY
   4 Standard            173 DROP SUMMARY
   4 Standard            174 CREATE DIMENSION
   4 Standard            175 ALTER DIMENSION
   4 Standard            176 DROP DIMENSION
   4 Standard            177 CREATE CONTEXT
   4 Standard            178 DROP CONTEXT
   4 Standard            179 ALTER OUTLINE
   4 Standard            180 CREATE OUTLINE
   4 Standard            181 DROP OUTLINE
   4 Standard            182 UPDATE INDEXES
   4 Standard            183 ALTER OPERATOR
   4 Standard            184 Do not use 184
   4 Standard            185 Do not use 185
   4 Standard            186 Do not use 186
   4 Standard            187 CREATE SPFILE
   4 Standard            188 CREATE PFILE
   4 Standard            190 CHANGE PASSWORD
   4 Standard            191 UPDATE JOIN INDEX
   4 Standard            192 ALTER SYNONYM
   4 Standard            193 ALTER DISK GROUP
   4 Standard            194 CREATE DISK GROUP
   4 Standard            195 DROP DISK GROUP
   4 Standard            196 ALTER LIBRARY
   4 Standard            197 PURGE USER RECYCLEBIN
   4 Standard            198 PURGE DBA RECYCLEBIN
   4 Standard            199 PURGE TABLESPACE
   4 Standard            200 PURGE TABLE
   4 Standard            201 PURGE INDEX
   4 Standard            202 UNDROP OBJECT
   4 Standard            205 FLASHBACK TABLE
   4 Standard            206 CREATE RESTORE POINT
   4 Standard            207 DROP RESTORE POINT
   4 Standard            212 CREATE EDITION
   4 Standard            214 DROP EDITION
   4 Standard            215 DROP ASSEMBLY
   4 Standard            216 CREATE ASSEMBLY
   4 Standard            217 ALTER ASSEMBLY
   4 Standard            218 CREATE FLASHBACK ARCHIVE
   4 Standard            219 ALTER FLASHBACK ARCHIVE
   4 Standard            220 DROP FLASHBACK ARCHIVE
   4 Standard            222 CREATE SCHEMA SYNONYM
   4 Standard            224 DROP SCHEMA SYNONYM
   4 Standard            225 ALTER DATABASE LINK
   4 Standard            226 CREATE PLUGGABLE DATABASE
   4 Standard            227 ALTER PLUGGABLE DATABASE
   4 Standard            228 DROP PLUGGABLE DATABASE
   4 Standard            229 CREATE AUDIT POLICY
   4 Standard            230 ALTER AUDIT POLICY
   4 Standard            231 DROP AUDIT POLICY
   4 Standard            238 ADMINISTER KEY MANAGEMENT
   4 Standard            239 CREATE MATERIALIZED ZONEMAP
   4 Standard            240 ALTER MATERIALIZED ZONEMAP
   4 Standard            241 DROP MATERIALIZED ZONEMAP
   4 Standard             17 GRANT
   4 Standard             18 REVOKE
   4 Standard             30 AUDIT
   4 Standard             31 NOAUDIT
   4 Standard            100 LOGON
   4 Standard            101 LOGOFF
   4 Standard             47 EXECUTE
   4 Standard            189 MERGE
   4 Standard            242 ALL
   8 Label Security        1 APPLY POLICY
   8 Label Security        2 REMOVE POLICY
   8 Label Security        3 SET AUTHORIZATION
   8 Label Security        4 PRIVILEGED ACTION
   8 Label Security        5 ENABLE POLICY
   8 Label Security        6 DISABLE POLICY
   8 Label Security        7 SUBSCRIBE OID
   8 Label Security        8 UNSUBSCRIBE OID
   8 Label Security        9 CREATE DATA LABEL
   8 Label Security       10 ALTER DATA LABEL
   8 Label Security       11 DROP DATA LABEL
   8 Label Security       12 CREATE POLICY
   8 Label Security       13 ALTER POLICY
   8 Label Security       14 DROP POLICY
   8 Label Security       15 CREATE LABEL COMPONENTS
   8 Label Security       16 ALTER LABEL COMPONENTS
   8 Label Security       17 DROP LABEL COMPONENTS
   8 Label Security       18 ALL
   6 XS                    1 CREATE USER
   6 XS                    2 UPDATE USER
   6 XS                    3 DELETE USER
   6 XS                    4 CREATE ROLE
   6 XS                    5 UPDATE ROLE
   6 XS                    6 DELETE ROLE
   6 XS                    7 GRANT ROLE
   6 XS                    8 REVOKE ROLE
   6 XS                    9 ADD PROXY
   6 XS                   10 REMOVE PROXY
   6 XS                   11 SET USER PASSWORD
   6 XS                   12 SET USER VERIFIER
   6 XS                   13 CREATE ROLESET
   6 XS                   14 UPDATE ROLESET
   6 XS                   15 DELETE ROLESET
   6 XS                   16 CREATE SECURITY CLASS
   6 XS                   17 UPDATE SECURITY CLASS
   6 XS                   18 DELETE SECURITY CLASS
   6 XS                   19 CREATE NAMESPACE TEMPLATE
   6 XS                   20 UPDATE NAMESPACE TEMPLATE
   6 XS                   21 DELETE NAMESPACE TEMPLATE
   6 XS                   22 CREATE ACL
   6 XS                   23 UPDATE ACL
   6 XS                   24 DELETE ACL
   6 XS                   25 CREATE DATA SECURITY
   6 XS                   26 UPDATE DATA SECURITY
   6 XS                   27 DELETE DATA SECURITY
   6 XS                   28 ENABLE DATA SECURITY
   6 XS                   29 DISABLE DATA SECURITY
   6 XS                   30 ADD GLOBAL CALLBACK
   6 XS                   31 DELETE GLOBAL CALLBACK
   6 XS                   32 ENABLE GLOBAL CALLBACK
   6 XS                   33 ENABLE ROLE
   6 XS                   34 DISABLE ROLE
   6 XS                   35 SET COOKIE
   6 XS                   36 SET INACTIVE TIMEOUT
   6 XS                   37 CREATE SESSION
   6 XS                   38 DESTROY SESSION
   6 XS                   39 SWITCH USER
   6 XS                   40 ASSIGN USER
   6 XS                   41 CREATE SESSION NAMESPACE
   6 XS                   42 DELETE SESSION NAMESPACE
   6 XS                   43 CREATE NAMESPACE ATTRIBUTE
   6 XS                   44 GET NAMESPACE ATTRIBUTE
   6 XS                   45 SET NAMESPACE ATTRIBUTE
   6 XS                   46 DELETE NAMESPACE ATTRIBUTE
   6 XS                   47 SET USER PROFILE
   6 XS                   48 ALL
  10 Datapump              1 EXPORT
  10 Datapump              2 IMPORT
  10 Datapump              3 ALL
   7 Database Vault        1 REALM VIOLATION
   7 Database Vault        2 REALM SUCCESS
   7 Database Vault        3 REALM ACCESS
   7 Database Vault        4 RULE SET FAILURE
   7 Database Vault        5 RULE SET SUCCESS
   7 Database Vault        6 RULE SET EVAL
   7 Database Vault        7 FACTOR ERROR
   7 Database Vault        8 FACTOR NULL
   7 Database Vault        9 FACTOR VALIDATE ERROR
   7 Database Vault       10 FACTOR VALIDATE FALSE
   7 Database Vault       11 FACTOR TRUST LEVEL NULL
   7 Database Vault       12 FACTOR TRUST LEVEL NEG
   7 Database Vault       13 FACTOR ALL
  11 Direct path API       1 LOAD
  11 Direct path API       2 ALL
```
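- Object level: these options are dynamic. After a change, they take effect for current users as well as later ones.

```sql
-- audit EXECUTE and GRANT on a single stored procedure
SQL> create audit policy audit_objpriv_po02 actions execute, grant on hr.raise_salary_proc;
```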
- Condition and evaluation:

```sql
-- audit only when the session user is JIM; the condition is evaluated once per session
SQL> create audit policy audit_mixed_po03 actions rename on hr.employees, alter on hr.jobs when 'SYS_CONTEXT(''USERENV'',''SESSION_USER'')=''JIM''' evaluate per session;
```
6. Enabling an audit policy

```sql
-- applies to all users
SQL> audit policy audit_syspriv_po01;
-- applies only to users scott and hr
SQL> audit policy audit_po02 by scott, hr;
-- applies only to user sys
SQL> audit policy audit_po03 by sys;
-- applies to everyone except jim and scott
SQL> audit policy audit_po04 except jim, scott;
```
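The steps above end at enabling a policy; the following added example (not part of the original post) takes one policy through create, enable, verify, read and remove, so you can confirm that it really records events. The policy name demo_ddl_pol is hypothetical, hr.employees and scott are the sample object and user used on this page, and the column names are those of the 12c data dictionary views.

```sql
-- 0. Is pure unified auditing linked in? TRUE = unified only, FALSE = mixed mode
SELECT value FROM v$option WHERE parameter = 'Unified Auditing';

-- 1. Create a policy with one system privilege and one object-level action
--    (demo_ddl_pol is a hypothetical name; requires the audit_admin role)
CREATE AUDIT POLICY demo_ddl_pol
  PRIVILEGES DROP ANY TABLE
  ACTIONS    RENAME ON hr.employees;

-- 2. The definition is now visible, but nothing is recorded until step 3
SELECT policy_name, audit_option, audit_option_type, object_schema, object_name
FROM   audit_unified_policies
WHERE  policy_name = 'DEMO_DDL_POL';

-- 3. Enable it for a single user
AUDIT POLICY demo_ddl_pol BY scott;

-- 4. Confirm who the policy is enabled for and on which outcomes
SELECT user_name, policy_name, enabled_opt, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'DEMO_DDL_POL';

-- 5. After scott has run an audited statement, read the trail.
--    In 12c queued-write mode records may still sit in memory, so flush first
--    (EXEC is a SQL*Plus command).
EXEC DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL;

SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, return_code
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%DEMO_DDL_POL%'
ORDER  BY event_timestamp DESC;

-- 6. Clean up: a policy must be disabled before it can be dropped
NOAUDIT POLICY demo_ddl_pol BY scott;
DROP AUDIT POLICY demo_ddl_pol;
```

An empty result in step 4 means the policy was created but never enabled, which is the most common reason an expected audit record is missing.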