Audit a Specific User

hi all,
This is 10g on Windows
I want to find out which tables are accessed by a certain user. (it's a round-a-bout way of determining which tables are updated when this user creates/deletes a user withing the application software)
I know about this: audit select,insert,update,delete on table1
But.. I dont know the table names - I want the audit trail to show all the tables the user accessed while auditing was enabled.
Can I do that? Thanks, John

AUDIT ALL BY john;will audit all actions by John in Table 13-1
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#g2274817
AUDIT SELECT TABLE BY john;
AUDIT INSERT TABLE BY john;
AUDIT DELETE TABLE BY john;will, additionally, audit all SELECT, INSERT, DELETE statements executed by John. See Table 13-2
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#g2274817

Similar Messages

  • Limiting file access auditing to specific users

    I'd like to enable file system logging for specific users. Presently, under Advanced Audit Policy Config on the local file server (Win 2k8 R2 Std) I have enabled Audit File Share - but I get every users activity.  I want to limit it to a few users. 
    As a test, I have added auditing to the security properties of a specific share, only for specific users, but that does not work if the Audit File Share isn't enabled.  And if it is, I get all users activity.  Any way to limit logging to specific
    users?  Thanks.

    Hi Mike,
    Based on my research, there are no system access control lists (SACLs) for shared files/folders, so that once we enable file share auditing, access to all shared files and folders on the system is audited.
    More information for you:
    Audit Detailed File Share
    http://technet.microsoft.com/en-us/library/ee215206(v=WS.10).aspx
    Audit File Share
     http://technet.microsoft.com/en-us/library/dd772690(v=WS.10).aspx
    Detailed File Share Auditing not working properly (Applying to All Files)
    http://social.technet.microsoft.com/Forums/en-US/42618663-61cf-4c05-9659-80c162511cbf/detailed-file-share-auditing-not-working-properly-applying-to-all-files?forum=winservergen
    Best Regards,
    Amy

  • Auditing a specific user for their session

    Is it possible to enable/disable auditing for a user in a way similar to enabling/disabling a role?
    What I'm trying to do is - enable auditing for a user when they login to an application (where the application enables it's roles via an application based role - (role identified using a package)) and - when the user logs out have auditing automatically 'disable'.
    I'm not sure if this is possible. Any insight/suggestions are greatly appreciated.
    Thanks!

    If I am understanding your question correctly, you can use fine grained auditing for this. As far as I know, you can't conditionally audit using regular constructs. You can do something like...
    begin
      dbms_fga.add_policy(object_schema   => 'YOUR_USER',
                          object_name     => 'YOUR_TABLE',
                          policy_name     => 'YOUR_TABLE_AUDIT',
                          audit_condition => 'sys_context(''userenv'',''os_user'') = ''howards''',
                          audit_column    => 'YOUR_COLUMN');
    end;
    /This will create an audit record in dba_fga_audit_trail whenever the os_user howards selects the given column from the given table. If the same database user executes the select while connected to os_user 'raymond', the select won't be audited.
    Some of the sys_context parameters are easily spoofed, but the idea should hold true no matter how you evaluate the session.

  • Audit specific objects for specific users

    audit statement has the option to choose audit by user list
    audit object has the option to choose audited objects
    now i need to audit specific objects, i.e. user A's tables accessed by a specific group of users, let's say ALL users other than A
    Is it a simple way to achieve this goal? (audit A's tables that accessed by all database users other than A)
    Thanks!

    sorry, the link works now. However, there is nothing new in 10G, same as I read from 9i document. See my highlight below in the quoted document text, my requirements is the combination of them ( specific users and specific objects). Thanks anyway.
    <quote
    Table 8-1 Auditing Types and Descriptions
    Type of Auditing (link to discussion)      Meaning/Description
    Statement Auditing      Enables you to audit SQL statements by type of statement, not by the specific schema objects on which they operate. Typically broad, statement auditing audits the use of several types of related actions for each option. For example, AUDIT TABLE tracks several DDL statements regardless of the table on which they are issued. You can also set statement auditing to audit selected users or every user in the database.
    Privilege Auditing
         Enables you to audit the use of powerful system privileges that enable corresponding actions, such as AUDIT CREATE TABLE. Privilege auditing is more focused than statement auditing, which audits only a particular type of action. You can set privilege auditing to audit a selected user or every user in the database.
    Schema Object Auditing
         Enables you to audit specific statements on a particular schema object, such as AUDIT SELECT ON employees. Schema object auditing is very focused, auditing only a single specified type of statement (such as SELECT) on a specified schema object. Schema object auditing always applies to all users of the database.
    Fine-Grained Auditing
         Enables you to audit at the most granular level, data access and actions based on content, using any Boolean measure, such as value > 1,000,000. Enables auditing based on access to or changes in a column.
    /quote>

  • DATABASE AUDIT SPECIFICATION ON SPECIFIC USERS

    Hi All,
    Currently I am using SQL server 2012 and would like to implement database audit specification on specific users in my database. These are the users in my database name Payroll :-
    Payroll\Andy.Bred - db_owner
    Payroll\Arpit.Shah - db_owner
    Payroll\webapp - db_datareader, db_datawriter, EXECUTE
    web_payroll - db_datareader, db_datawriter, EXECUTE
    In my database audit specification settings, I would like to capture any SELECT,UPDATE,DELETE and EXECUTE command for users Payroll\Andy.Bred & Payroll\Arpit.Shah only since they owned db_owner access. However, I am unable to capture any single command
    from both users. I do not want to put 'Principal' as public since I just want to capture both users activity.
    Is it I miss out anything? Is it because of windows login account? Hope can get some advise here. Highly appreciated.
    Thanks.
    Best Regards,
                     Han

    Hi   Han,
    Are your Windows login accounts member of the SQL Server sysadmin role? If that is the case, the login accounts are indirectly mapped as database user dbo. Please change the principal name in the audit action name to dbo and check if the users activity is
    being audited.
    There are also similar threads for your reference.
    http://www.sqlservercentral.com/Forums/Topic1082578-1526-1.aspx
    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/a1df289d-555e-46c3-803a-2ae97af807a3/sql-auditing-database-audit-specification-is-not-logging-events-by-windows-authenticated-user?forum=sqlsecurity
    Thanks,
    Lydia Zhang
    Lydia Zhang
    TechNet Community Support

  • Brief report of about 2 months for the sqls run under a specific user ?

    Hi,
    Is there a way i can get the brief report of about 2 months for the sqls run under a specific user in Oracle 11g.
    thanks in advance

    913410 wrote:
    Yes,
    auditing is enabled
    SQL> show parameter audit;
    NAME                                 TYPE        VALUE
    audit_file_dest                      string      /u01/app/oracle/admin/PRCMTDB/
    adump
    audit_sys_operations                 boolean     FALSE
    audit_syslog_level                   string
    audit_trail                          string      DBthen how to get the informationabove is necessary, but not SUFFICIENT
    default Oracle behavior is that NO specific actions are audited.
    You would have had to manually enable AUDIT for all SQL statement by single user

  • Auditing of privileged users needed

    I know that the SYS.AUD$ table audits all users except SYS and INTERNAL (not sure about SYSTEM). The auditing documentation [http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/server.817/a76965/c27audit.htm] states an operating system audit trail for auditing instance startup/shutdown, as well as connections to the database for users with admin privileges. We have a requirement to log privilege users' activities.
    (a) Does this audit trail have the same schema as the SYS.AUD table?
    (b) What documentation is available that states where this audit trail resides (I know its the same directory as the background trace files IF the OS does not make an audit trail accessible to Oracle.) I.e., how is its location specified if the OS DOES make an audit trail available to Oracle? Any assistance is greatly appreciated.

    Sorry for asking again, but I would need to be more specific in questions 1 and 2, so:
    - What of the referred versions (7, 8, 9, 10) allows and what does not allow this audit?
    - Apart from any specific user created in a database, what are the standard users which can be considered by default "privileged users" and what specific actions are suggested to be audited as a minimum.
    Thanks again! Kind regards.

  • How to pop up a system message for a specific user when She/He log on SAP

    Hi Friends,
    As we know SM02 setting will pop up a system message to all users in specific client in a specific period when the user log on SAP system; and we can do the same thing via using function module SM02_ADD_MESSAGE.
    But now we want to pop up a message to a specific user ID when somebody log on SAP via this ID, instead of all user IDs in the client. Please do we have any similar traction / function module / class method to to do this job??
    Thanks in advance.
    Joe

    Below code can be used to send a pop up message to all users who are logged on to the
    system.
    DATA: MESSAGE(128) VALUE 'Test message'.
    DATA: OPCODE TYPE X VALUE 2.
    DATA: BEGIN OF USR_TABL OCCURS 10.
    INCLUDE STRUCTURE UINFO.
    DATA: END OF USR_TABL.
    CALL 'ThUsrInfo' ID 'OPCODE' FIELD OPCODE
    ID 'TAB' FIELD USR_TABL-SYS.
    LOOP AT USR_TABL.
    CALL FUNCTION 'TH_POPUP'
    EXPORTING
    CLIENT = SY-MANDT
    USER = USR_TABL-BNAME
    MESSAGE = MESSAGE
    EXCEPTIONS
    USER_NOT_FOUND = 1.
    ENDLOOP.
    In the above code just pass the desired user ID instead of All user ID's
    Edited by: harsh bhalla on Mar 26, 2009 2:14 PM

  • OIM - Email notification to a specific user based on a dynamic rule

    Hello, After creation of account in a particular target resource I need to send an email to a specific user based on the location of the user (e.g area admin).
    In the notification tab of process tasks, I see only "Assignee", "Requestor", "User", "User Manager"? How can I achive the above specified requirement?
    Before posting this question, I tried to search the forum for any previous posts related to this. But I couldn't find any. May be I was not searching with right key words.
    Any help is appreciated. Thanks in advance.

    You'll need to custom code an adapter to send the email, then you can send to any user you want. Create a new task and trigger it off the completion response code. You can use the following apis:
    tcEmailNotificationUtil sendMail = new tcEmailNotificationUtil(ioDatabase);
    sendMail.setBody("Type your body here or use a string variable");
    sendMail.setSubject("Type your subject here or use a string variable");
    sendMail.setFromAddress("[email protected]");
    sendMail.sendEmail("[email protected]");
    Just populate the above pieces with the information needed.
    -Kevin

  • Draft Documents View is empty for a specific user

    Hi,
    For a specific user, when he goes on the Document Draft Reports, the Sales Document sub-form is empty. Meaning that when he ticks the "Sales Documents" option, the boxes to choose specific Sales Document does not exist (e.g. Sales Quotation, Sales Orders etc.). This happens no matter what are the other options (e.g Open Only or User Option).
    The other lists (Purchasing and Stock) are working properly. Again, all the other users do not experience the same issue as the form is working properly
    The installation is on 2007A SP01
    Any ideas?
    Thanks in advance
    Gerasimos

    Hi Gerasimos.......
    I'm sure this is a Bug in your system. If you have any of the adons then please Disconnect it and also try to create new Super User and give him license and then check with this new user for the same output.......
    Else I'm afraid you need to raise a support ticket to SAP.......
    Regards,
    Rahul

  • How to send the spool output to the specific user during ALE distribution

    Hi All
    In ALE internal order Configuration done by BAPI Method SAVEREPLICA Business object BUS2075whenever user changed the internal order which is moved to the destination system because of change data setting in data element fields.
    I want to know how to send the spool output of the changed internal order to the specific user during ALE distribution.
    Please help me to reslove the above issue
    Thanks & Regards
    KRISHGUNA

    Solved by myself

  • How to apply Software Restriction policy for specific user in local group policy object ?

    I am working on implementing user based software restriction policy programmatically for local group policy object.
    If i create a policy through Domain Controller,i do have option for software restriction policy in user configuration but in local group policy editor i don't have option for that.
    When i look for the changes made by policy applied from Domain Controller in registry, they modifies registry values for specific users on path HKEY_USERS\(SID of User)\Softwares\Policies\Microsoft\Windows\Safer\Codeidentifiers
    They also have registry.pol stored in SYSvol folder in Domain Controller. When i make the same changes in registry to block any other application, application is getting blocked.
    I achieved what i wanted but is it right to modify registry values ?  
    PS:- I am using Igrouppolicyobject API

    I achieved what I wanted but is it right to modify registry values ?
    You also can modify a registry programmatically based policy. Check this:
    http://blogs.msdn.com/b/dsadsi/archive/2009/07/23/working-with-group-policy-objects-programmatically-simple-c-example-illustrating-how-to-modify-a-registry-based-policy.aspx
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click
    HERE to participate the survey.

  • How to block the status mail for an inbound Idoc to a specific user

    Hi,
    I have to stop sending the error status mail to a specific user depenidng on Partner Type. This will trigger when an inbound Idoc contains status error(message type INVOIC &ORDRSP).This user needs other mails which are getting triggered with the same Idoc for the same partner. Basically, the requirement is to block only the status mail for that user. The statndard task for this is TS70008125 and it uses the agent determination rule 30000001 (Idoc Administrator).in WE46, this task is assigned to process code EDIR. I have copied the task to a custom task and changed the agent determination rule. I would like to know how will I configure this task so that this custom task will trigger for the status error, without altering other workflows for the same message type & the partner type. Or is there any other way to block the mail?
    Thanks,
    Santosh

    Hi,
    I have done the required coding to exclude the specific agent from the rule,copied the task and its ready. My question is how do I map this custom task to a particular partner type, for the message type INVOIC in WE20? (The message type used for the inbound Idoc is INVOIC). I checked the Partner profile in WE20. Most of the process code is using function module as the processing type.
    Thanks,
    Santosh

  • My question is in regard to pc to mac migration. How do I migrate information from my pc with specific user account to an existing user account on my mac? I do not want to use multiple mac user accounts.

    My question is in regard to pc to mac migration. How do I migrate information from my pc with specific user account to an existing user account on my mac? I do not want to use multiple mac user accounts.

    https://discussions.apple.com/message/16371308#16371308

  • How to list all calendars that are shared to a specific user?

    Hi,
    Using Exchange Management Shell/Powershell, I want to list all calendars that are shared to a specific user 'myuser'. 
    I have tried different approaches; list all calendars for all users and then figure out which ones are shared to 'myuser', list all mailboxfolders for 'myuser' with path 'calendar' and sort out the shared ones, ... No luck so far.
    Anybody?
    babu

    Hi
    If you try this command:
    Get-MailboxPermission MyUser

Maybe you are looking for