  • FGA fine-grained auditing: auditing DML operations on a single table and cancelling the audit

    An important business table needs auditing of DELETE operations enabled; after some time, the audit requirement can be cancelled.

    Approach:

    1. Create a trigger; if the trigger has a problem, the business table becomes unavailable.

    2. Use the database's built-in auditing.

    Auditing DELETE on all tables is too expensive!
    SQL> AUDIT DELETE ANY TABLE BY ACCESS;
    SQL> conn yang/yang
    SQL> delete scott.ceshi where rownum=1;
    1 row deleted.
    SQL> commit;
    SQL> select a.username,to_char(TIMESTAMP,'yyyy-mm-dd hh24:mi:ss') as "date",sql_text,b.NAME from DBA_AUDIT_TRAIL a,audit_actions b where a.action=b.action and a.username='YANG' and sql_text is not null;
    USERNAME   date                SQL_TEXT                                 NAME
    ---------- ------------------- ---------------------------------------- ----------------------------
    YANG       2018-12-20 19:38:29 delete scott.ceshi where rownum=1        DELETE
    SQL> select a.username,to_char(TIMESTAMP,'yyyy-mm-dd hh24:mi:ss') as "date",sql_text,b.NAME from DBA_AUDIT_TRAIL a,audit_actions b where a.action=b.action and a.username='SYS' and sql_text is not null;
    no rows selected
    Cancel the audit:
    SQL> NOAUDIT DELETE ANY TABLE BY ACCESS;

    This time, FGA is used to audit a single table.

    Use FGA to enable auditing of DELETE operations on a single business table:
    SQL> exec dbms_fga.add_policy(object_schema=>'zxy', -
         object_name=>'mv', -
         policy_name=>'mypolicy1', -
         statement_types=>'select,insert,update,delete');
    The view DBA_FGA_AUDIT_TRAIL can be queried for the detailed information of this audit policy:
    SQL>select db_user,os_user,object_schema,object_name,policy_name,statement_type from dba_fga_audit_trail;
    Disable:
    EXEC dbms_fga.disable_policy ....
    Confirm whether the audit is enabled or disabled:
    SQL> SELECT ENABLED, OBJECT_SCHEMA, OBJECT_NAME, POLICY_OWNER, POLICY_NAME FROM DBA_AUDIT_POLICIES WHERE UPPER(POLICY_NAME)='MYPOLICY1';
    Drop:
    EXEC dbms_fga.drop_policy ....
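
The whole lifecycle described above, written out as an added example (not code from the original post): a policy limited to DELETE on the one table, the review query, then disabling and dropping it. The table zxy.mv is taken from the page; the policy name DEL_ONLY_MV is hypothetical, and the example assumes the traditional FGA trail that the page queries through DBA_FGA_AUDIT_TRAIL.

```sql
-- Added example: DELETE-only FGA policy on one table, then its removal.
-- zxy.mv comes from the page; the policy name DEL_ONLY_MV is hypothetical.

-- 1. Create the policy, restricted to DELETE, recording SQL text and binds.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'ZXY',
    object_name     => 'MV',
    policy_name     => 'DEL_ONLY_MV',
    statement_types => 'DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable          => TRUE);
END;
/

-- 2. Review who deleted from the table, when, and with which statement.
SELECT db_user, os_user, userhost,
       TO_CHAR(timestamp, 'yyyy-mm-dd hh24:mi:ss') AS audit_time,
       statement_type, sql_text
  FROM dba_fga_audit_trail
 WHERE object_schema = 'ZXY'
   AND object_name   = 'MV'
   AND policy_name   = 'DEL_ONLY_MV'
 ORDER BY timestamp;

-- 3. Stop auditing without losing the policy definition.
BEGIN
  DBMS_FGA.DISABLE_POLICY(
    object_schema => 'ZXY',
    object_name   => 'MV',
    policy_name   => 'DEL_ONLY_MV');
END;
/

-- 4. Confirm the state: ENABLED should now show the policy as disabled.
SELECT enabled, object_schema, object_name, policy_name, del
  FROM dba_audit_policies
 WHERE object_schema = 'ZXY' AND object_name = 'MV';

-- 5. Remove the policy once the audit requirement ends.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'ZXY',
    object_name   => 'MV',
    policy_name   => 'DEL_ONLY_MV');
END;
/
```

Rows already written to the FGA trail stay there after the policy is dropped, so the delete history collected during the audit window remains available for review.
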
    Reference
    https://blog.csdn.net/clg10051/article/details/100223730

  • Original article: https://www.cnblogs.com/lvcha001/p/12786133.html