Oracle
Oracle 11g R2 中的欄位級審計
我想對錶中的某些列啟用審計。我已經測試了 SYS、Schema 和 Table 級別的審計。指導我或向我推荐一些文件以啟用列級別的審核。
檢查是否啟用了審核:
SQL> SHOW PARAMETER AUDIT NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ audit_file_dest string /u01/app/oracle/admin/phil12c1/adump audit_sys_operations boolean FALSE audit_syslog_level string audit_trail string DB unified_audit_sga_queue_size integer 1048576如果
audit_trail未設置 (NONE),則打開審核 (asSYSDBA):ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;…然後重新啟動數據庫。
我將創建一個測試表來使用:
create table fgatest ( id number primary key, value number ); insert into fgatest values ( 1, 2 ); insert into fgatest values ( 2, 200 ); commit;現在,我將創建一個使用上表的 FGA 審計策略範例。這將審核在其結果集中包含值大於 100 的行的任何 SQL。參數不言自明。
BEGIN DBMS_FGA.add_policy( object_schema => 'C##PHIL', object_name => 'FGATEST', policy_name => 'FGA_TEST_CHECK_VALUE_GT_100', audit_condition => 'VALUE > 100', audit_column => 'VALUE'); END; /測試:
[oracle@ora12c1 ~]$ sqlplus c##phil/phil SQL*Plus: Release 12.1.0.1.0 Production on Thu Jan 30 09:55:57 2014 Copyright (c) 1982, 2013, Oracle. All rights reserved. Last Successful login time: Thu Jan 30 2014 09:37:34 +00:00 Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options SQL> SQL> select * from fgatest where value>150; ID VALUE ---------- ---------- 2 200 SQL> SQL> conn / as sysdba Connected. SQL> select session_id,timestamp,db_user,sql_text from dba_fga_audit_trail; SESSION_ID TIMESTAMP DB_USER SQL_TEXT ---------- --------- ---------- ------------------------- 280018 30-JAN-14 C##PHIL select * from fgatest where value>150 SQL>注意我已經在 12c 上完成了測試,但是這個測試也可以在 11.2 上完美執行。