我的问题是
审计用户webadm的
DDL (CREATE,)
DML (INSERT UPDATE, DELETE, SELECT).
查询审计结果是只能看到ddl的语句,看不到dml的删除,插入
如果是审计指定的表,如(audit select,insert,update,delete on webadm.audit_test;)
才可以审计到dml的语句
求解,要需要审计的是一个用户下的DML的语句,如何才能成功?
SQL> show parameter audit_trail
NAME
TYPEVALUE
------------------------------------ ----------- ------------------------------
audit_trail
stringDB, EXTENDED
SQL> audit select table, update table, insert table, delete table by webadm by access;
Audit succeeded.
SQL> audit create table by webadm by access;
Audit succeeded.
SQL> select user_name,audit_option,success,failure
2from dba_stmt_audit_opts
3union
4select USER_NAME,privilege,success,failure
5from dba_priv_audit_opts
6;
USER_NAME
AUDIT_OPTION
SUCCESSFAILURE
------------------------------ ---------------------------------------- ---------- ----------
WEBADM
CREATE TABLE
BY ACCESSBY ACCESS
WEBADM
DELETE TABLE
BY ACCESSBY ACCESS
WEBADM
INSERT TABLE
BY ACCESSBY ACCESS
WEBADM
SELECT TABLE
BY ACCESSBY ACCESS
WEBADM
UPDATE TABLE
BY ACCESSBY ACCESS
切换到webadm用户操作
SQL> create table audit_test(name varchar2(10));
Table created.
SQL> select * from audit_test;
no rows selected
SQL> select name from audit_test;
no rows selected
SQL> insert into audit_test values('zzf');
1 row created.
SQL> commit;
Commit complete.
回dba用户查询
SQL> set linesize 200
SQL> col obj$name for a10
SQL> col sqltext for a50
SQL> select userid,obj$name,sqltext from sys.aud$;
USERID
OBJ$NAME SQLTEXT
------------------------------ ---------- --------------------------------------------------
WEBADM
WEBADM
AUDIT_TEST create table audit_test(name varchar2(10))
SQL> noaudit select table, update table, insert table, delete table by webadm ;
Noaudit succeeded.
SQL> audit select,insert,update,delete on webadm.audit_test;
Audit succeeded.
在webadm用户操作
SQL> delete audit_test where name='zzf';
1 row deleted.
回dba用户查询
SQL> select userid,obj$name,sqltext from sys.aud$;
USERID
OBJ$NAME SQLTEXT
------------------------------ ---------- --------------------------------------------------
WEBADM
AUDIT_TEST delete audit_test where name='zzf'
|