Oracle 12C -- 预定义audit policies

在12C中，预定义了三种审计策略：ora_secureconfig,ora_database_parameter,ora_account_mgmt
可以通过脚本$ORACLE_HOME/rdbms/admin/secconf.sql脚本来创建这个三个预定义审计策略，并开启ora_secureconfig策略，另外两个不是默认开启。

ora_account_mgmt：审计用户账户和权限
ora_database_parameter：审计对数据库参数修改行为
ora_secureconfig：包含11g中的审计策略

SQL> select policy_name,audit_option from audit_unified_policies where policy_name in ('ORA_ACCOUNT_MGMT','ORA_DATABASE_PARAMETER','ORA_SECURECONFIG');

POLICY_NAME                    AUDIT_OPTION

------------------------------ ------------------------------

ORA_SECURECONFIG               LOGMINING

ORA_SECURECONFIG               TRANSLATE ANY SQL

ORA_SECURECONFIG               EXEMPT REDACTION POLICY

ORA_SECURECONFIG               PURGE DBA_RECYCLEBIN

ORA_SECURECONFIG               ADMINISTER KEY MANAGEMENT

ORA_SECURECONFIG               DROP ANY SQL TRANSLATION PROFILE

ORA_SECURECONFIG               ALTER ANY SQL TRANSLATION PROFILE

ORA_SECURECONFIG               CREATE ANY SQL TRANSLATION PROFILE

ORA_SECURECONFIG               CREATE SQL TRANSLATION PROFILE

ORA_SECURECONFIG               CREATE EXTERNAL JOB

ORA_SECURECONFIG               CREATE ANY JOB

ORA_SECURECONFIG               GRANT ANY OBJECT PRIVILEGE

ORA_SECURECONFIG               EXEMPT ACCESS POLICY

ORA_SECURECONFIG               CREATE ANY LIBRARY

ORA_SECURECONFIG               GRANT ANY PRIVILEGE

ORA_SECURECONFIG               DROP ANY PROCEDURE

ORA_SECURECONFIG               ALTER ANY PROCEDURE

ORA_SECURECONFIG               CREATE ANY PROCEDURE

ORA_SECURECONFIG               ALTER DATABASE

ORA_SECURECONFIG               GRANT ANY ROLE

ORA_SECURECONFIG               DROP PUBLIC SYNONYM

ORA_SECURECONFIG               CREATE PUBLIC SYNONYM

ORA_SECURECONFIG               DROP ANY TABLE

ORA_SECURECONFIG               ALTER ANY TABLE

ORA_SECURECONFIG               CREATE ANY TABLE

ORA_SECURECONFIG               DROP USER

ORA_SECURECONFIG               CREATE USER

ORA_SECURECONFIG               AUDIT SYSTEM

ORA_SECURECONFIG               ALTER SYSTEM

ORA_ACCOUNT_MGMT               ALTER USER

ORA_ACCOUNT_MGMT               CREATE USER

ORA_ACCOUNT_MGMT               CREATE ROLE

ORA_ACCOUNT_MGMT               DROP USER

ORA_ACCOUNT_MGMT               DROP ROLE

ORA_ACCOUNT_MGMT               SET ROLE

ORA_ACCOUNT_MGMT               ALTER ROLE

ORA_ACCOUNT_MGMT               GRANT

ORA_ACCOUNT_MGMT               REVOKE

ORA_DATABASE_PARAMETER         ALTER DATABASE

ORA_DATABASE_PARAMETER         ALTER SYSTEM

ORA_DATABASE_PARAMETER         CREATE SPFILE

ORA_SECURECONFIG               CREATE DATABASE LINK

ORA_SECURECONFIG               DROP DATABASE LINK

ORA_SECURECONFIG               ALTER USER

ORA_SECURECONFIG               CREATE ROLE

ORA_SECURECONFIG               DROP ROLE

ORA_SECURECONFIG               SET ROLE

ORA_SECURECONFIG               CREATE PROFILE

ORA_SECURECONFIG               DROP PROFILE

ORA_SECURECONFIG               ALTER PROFILE

ORA_SECURECONFIG               ALTER ROLE

ORA_SECURECONFIG               CREATE DIRECTORY

ORA_SECURECONFIG               DROP DIRECTORY

ORA_SECURECONFIG               ALTER DATABASE LINK

ORA_SECURECONFIG               CREATE PLUGGABLE DATABASE

ORA_SECURECONFIG               ALTER PLUGGABLE DATABASE

ORA_SECURECONFIG               DROP PLUGGABLE DATABASE

ORA_SECURECONFIG               EXECUTE