问题描述

我正在尝试使用Oracle的审核功能将DELETE语句记录在某个表中.我跑了:

I'm trying to record DELETE statements in a certain table using Oracle's auditing features. I ran:

SQL> AUDIT DELETE TABLE BY TPMDBO BY ACCESS;

Audit succeeded.

我不清楚这是否审计表模式本身的删除(即删除表)，还是审计任何表中的一个或多个行的删除(即delete命令).如果是后者，如何将这种审核限制为仅名为Foo的表?谢谢！

I'm unclear if this audits the deletion of a table schema itself (ie, dropping the table), or if it audits the deletion of one or more rows within any table (ie, the delete command). If the latter, how do I limit this auditing to only a table called Foo? Thanks!

更新:

SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- -------------
audit_file_dest                      string      /backup/audit
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      XML, EXTENDED

推荐答案

有一个称为细粒度审核(FGA)的新功能，该功能将日志存储在SYS.FGA_LOG $中，而不是SYS.AUD $中.这是 FGA手册.

There is a new feature called fine-grained auditing (FGA), that stores log in SYS.FGA_LOG$ instead SYS.AUD$. Here is the FGA manual.

BEGIN
  DBMS_FGA.ADD_POLICY(
   object_schema      => 'HR',
   object_name        => 'FOO',
   policy_name        => 'my_policy',
   policy_owner       => 'SEC_MGR',
   enable             =>  TRUE,
   statement_types    => 'DELETE',
   audit_condition    =>  'USER = ''myuser''',
   audit_trail        =>  DBMS_FGA.DB);
END;
/

是的，您的原始命令应该在所有表上审核该用户的DELETE操作(不是DROP).检查show parameter audit

Yes, your original command should audit DELETE operations (not DROP) for this user on all tables. Examine show parameter audit

这篇关于如何使用Oracle审核某个表中的删除?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！