zoukankan      html  css  js  c++  java
  • FGA精细化审计取消对单表的dml操作

    需要对一个重要的业务表开启delete操作审计,过了一段时间后,可以需要审计需求。

    思路:

    1.可以创建触发器,有问题导致业务表不可用;

    2.数据库自带审计

    对ALL TABLE 进行delete审计,代价太大!
    SQL> AUDIT DELETE ANY TABLE BY ACCESS; SQL> conn yang/yang SQL> delete scott.ceshi where rownum=1; 1 row deleted. SQL> commit; SQL> select a.username,to_char(TIMESTAMP,'yyyy-mm-dd hh24:mi:ss') as "date",sql_text,b.NAME from DBA_AUDIT_TRAIL a,audit_actions
    b where a.action=b.action and a.username='YANG' and sql_text is not null USERNAME date SQL_TEXT NAME ---------- ------------------- ---------------------------------------- ---------------------------- YANG 2018-12-20 19:38:29 delete scott.ceshi where rownum=1 DELETE SQL> select a.username,to_char(TIMESTAMP,'yyyy-mm-dd hh24:mi:ss') as "date",sql_text,b.NAME from DBA_AUDIT_TRAIL a,audit_actions
    b where a.action=b.action and a.username='SYS' and sql_text is not null no rows selected SQL>NOAUDIT DELETE ANY TABLE BY ACCESS; 取消审计

    本次使用FGA对单表进行审计

    使用FGA对单个业务表开启delete操作审计
    SQL>exec dbms_fga.add_policy(object_schema=>'zxy',
    object_name=>'mv',
    policy_name=>'mypolicy1',
    statement_types=>'select,insert,update,delete');
    可以通过视图DBA_FGA_AUDIT_TRAIL 可以查询这个审计策略的明确信息
    SQL>select db_user,os_user,object_schema,object_name,policy_name,statement_type from dba_fga_audit_trail;
    禁用
    EXEC dbms_fga.disable_policy ....
    确认审计enable,disable
    SQL>SELECT ENABLED ,OBJECT_SCHEMA,OBJECT_NAME,POLICY_OWNER,POLICY_NAME FROM DBA_AUDIT_POLICIES WHERE POLICY_NAME='mypolicy1';
    删除
    EXEC dbms_fga.drop_policy ....
    参考
    https://blog.csdn.net/clg10051/article/details/100223730

      

  • 相关阅读:
    JavaScript学习笔记(三十八) 复制属性继承
    每天一道逻辑思维题
    动态规划(4):求子数组最大和
    30天自制操作系统第四天学习笔记
    UVA 1344 Tian Ji -- The Horse Racing
    Word隐藏回车符技巧
    Apache Thrift
    Android更改桌面应用程序launcher的两种方式
    Java语言实现简单FTP软件------>FTP软件效果图预览之下载功能(二)
    Java Collection
  • 原文地址:https://www.cnblogs.com/lvcha001/p/12786133.html
Copyright © 2011-2022 走看看