AUDIT DELETE ANY TABLE;这个是审计任何用户删除任何表呢,还是审计授权给用户删除表的呢?我的实验证明它是审计grant delete any table的。。。
$ sqlplus "/ as sysdba"
SQL*Plus: Release 10.2.0.4.0 - Production on Tue May 31 15:55:53 2011
Copyright (c) 1982, 2007, Oracle.All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select * from dba_audit_trail;
no rows selected
SQL> conn ch/ch
Connected.
SQL> desc t2;
Name
Null?Type
----------------------------------------- -------- ----------------------------
A
NUMBER
SQL> select * from t2;
no rows selected
SQL> insert into t2 values(11);
1 row created.
SQL> commi;t
SP2-0042: unknown command "commi;t" - rest of line ignored.
SQL> commit;
Commit complete.
SQL> select * from t2;
A
----------
11
SQL> conn / as sysdba
Connected.
SQL> audit delete any table;
Audit succeeded.
SQL> conn ch/ch
Connected.
SQL> delete from t2;
1 row deleted.
SQL> commit;
Commit complete.
SQL> conn / as sysdba;
Connected.
SQL> select * from dba_audit_trail;
no rows selected
SQL> grant delete any table to ch;
Grant succeeded.
SQL> !date
Tue May 31 15:57:38 CST 2011
SQL> quit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$ pwd
/u01/app/oracle/admin/repdb/adump
-rw-r----- 1 repdboinstall 858 May 31 15:56 ora_2979.aud
-rw-r----- 1 repdboinstall1063 May 31 15:57 ora_2981.aud
$ more ora_2981.aud
Audit file /u01/app/oracle/admin/repdb/adump/ora_2981.aud
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORACLE_HOME = /u01/app/oracle/product/10.2.0
System name:SunOS
Node name:t93
Release:5.10
Version:Generic_137137-09
Machine:sun4u
Instance name: repdb
Redo thread mounted by this instance: 1
Oracle process number: 18
Unix process pid: 2981, image: oracle@t93 (TNS V1-V3)
Tue May 31 15:57:15 2011
LENGTH : '136'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[5] 'repdb'
CLIENT TERMINAL:[5] 'pts/1'
STATUS:[1] '0'
Tue May 31 15:57:24 2011
LENGTH : '159'
ACTION :[29] 'select * from dba_audit_trail'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[5] 'repdb'
CLIENT TERMINAL:[5] 'pts/1'
STATUS:[1] '0'
Tue May 31 15:57:36 2011
LENGTH : '158'
ACTION :[28] 'grant delete any table to ch'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[5] 'repdb'
CLIENT TERMINAL:[5] 'pts/1'
STATUS:[1] '0'
另外,还有一个指令是AUDIT DELETE,UPDATE,INSERT ON user.table by SYSTEM;这个指令总是报错,报by后面应该跟access或者是session。
请大家帮忙看看这两个问题。
|
