Audit on schema

11.2.0.2.0
Just looking for confirmation if I want to audit access to any object in a schema I have to run "audit all on schema.object" by dynamically creating the script from dba_objects.
Is there anything along the lines of "audit all on schema"

sb92075 wrote:
>Is there anything along the lines of "audit all on schema"
No
what happens when new objects are created in the schema after such a command were issued?
well if there were such a command then there would either be be a default of A) new objects audited by default or B) override default by specifying new objects are not to be audited. or vice versa
but as there isnt, then they wont be.

Similar Messages

Audit whole schema objects by multiple users or schemas in oracle 11gR2

OS: LInux
DB: Oracle 11gR2
schema as many tables and DML access given to many user/schemas in oracle db.
AUDIT ALL BY test BY ACCESS; appears to be audit records created only when changes are done using actual owner connection but not grantee..
I need to audit all the test tables DML and DDL performed not just owner but all the grantees (grantees action should be audited only grantee do dml or ddl on test owner tables not his own tables).
Need to audit test owner tables accessed by multiple users DML and DDL actions..
is there any simplest way to do this and can someone please help me out?
thanks.

http://docs.oracle.com/cd/E11882_01/server.112/e26088/statements_4007.htm#i2059073
Please read the passage labeled 'Auditing by clause'. It answers your question.
Kindly consult documentation before asking any question.
Sybrand Bakker
Senior Oracle DBA

Issue in creating OPSS Schema with rcu.

Hi,
There is an issue in creating the OPSS schema in oracle DB 11.2.0.3.0 even though the rcu (Oracle Fusion Middleware Repository Creation Utility 11g (11.1.2.1.0)
   completed it without any error with status of success opss schema at the end of it's creation operation.
      But the validation of opss schema is getting Failed as shown by this query ! I 've refferenced this Doc's Configuring the OPSS Security Store
SQL> desc jps_dn;
ERROR:
ORA-04043: object jps_dn does not exist
There is no error in rcu log And in opss.log as well. Also There is NO issue in createing the Other schema's like OIM,OAM,OAAM
    Wonder what am missing here that causing the shema not reflecting or Validation of it getting Failed in the database.
     Also i 've tried by changing this sec_case_sensitive_logon value to False from true in the DB but to no effect.
     in both cases the OPSS schema validation is getting failed.
     Greately appreciate any suggestion.
Please see the following summary of rcu operation
Repository Creation Utility: Create - Completion Summary
Database details:
Host Name                       : ebs.oracle.com
Port                            : 1521
Service Name                    : IAM.ORACLE.COM
Connected As                    : sys
Prefix for (prefixable) Schema Owners : DEV
RCU Logfile                     : /data/Rootdownloads/rcuHome/rcu/log/logdir.2013-09-25_04-57/rcu.log
Component schemas created:
Component                       Status Logfile /data/Rootdownloads/rcuHome/rcu/log/logdir.2013-09-25_04-57/opss.log
Oracle Platform Security Services               Success
Please suggest.
Thanks
Priya

Hi,
Thanks for the response Hussein and Helios,
   I am able to solve the issue as it was due to incorrect rcu version.
But I am really struggling to Configure Policy store for the last 10 days with the following Error. I would be highly obliged if you could guide me on this issue.
I am getting stuck at this Error while running configureSecurityStore.py. for the error I 've refferenced these Metalink Note ID's
But to No Avail.
configureSecurityStore.py Fails With ORA-00001: unique constraint (DEV_OPSS.IDX_JPS_RDN_PDN) violated. (Doc ID 1547423.1) (1549203.1)
   Summarining
   The steps that I 've followed
1. Created the Schema's Using rcu 11g (11.1.2.0.0) on 11.2.0.3.0 Oracle DB. (OS :RHEL 64 bit)
2. Insatlled Weblogic 10.3.6
3. Installed   Oracle Identity and Access Management 11g (11.1.2.0.0) And SOA 11.1.1.7.0
4. Run config.sh to create OIM,OAM and OAAM domains
5. Run setDomainEnv.sh from user_projects/domains//bin
After that I tried to Configure the DB Policy store before starting the Admin Server. But getting the same error. every time it get failed
I 've dropped schemas and Reinstall the WLS,IAM,SOA software again But got the same Error.
at least 20 times in the last 10 days I 've Dropped schema even created New DB and Reinstalled All the IAM Software But to No Avail
Please see the following Exact Error. And I would be highly Obliged if you could drop few lines as what I am missing here in the entire process.
[oracle@ebs Middleware]$ /oracle/Middleware/oracle_common/common/bin/wlst.sh /oracle/Middleware/Oracle_IAM/common/tools/configureSecurityStore.py -d /oracle/Middleware/user_projects/domains/IAMDomain/ -c IAM -p welcome1 -m create
CLASSPATH=/oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/jdk1.6.0_30/lib/tools.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/oracle/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/jdk1.6.0_30/lib/tools.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/oracle/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar:/oracle/Middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/Middleware/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/jdk1.6.0_30/lib/tools.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar:/oracle/Middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/oracle/Middleware/wlserver_10.3/server/lib/webservices.jar:/oracle/Middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/oracle/Middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/oracle/Middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/oracle/Middleware/oracle_common/common/wlst/lib/adfscripting.jar:/oracle/Middleware/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/oracle/Middleware/oracle_common/common/wlst/lib/mdswlst.jar:/oracle/Middleware/oracle_common/common/wlst/resources/auditwlst.jar:/oracle/Middleware/oracle_common/common/wlst/resources/igfwlsthelp.jar:/oracle/Middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/oracle/Middleware/oracle_common/common/wlst/resources/jps-wls-trustprovider.jar:/oracle/Middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/oracle/Middleware/oracle_common/common/wlst/resources/oamap_help.jar:/oracle/Middleware/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/oracle/Middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/oracle/Middleware/oracle_common/common/wlst/resources/ossoiap.jar:/oracle/Middleware/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/oracle/Middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/oracle/Middleware/oracle_common/common/wlst/resources/wsm-wlst.jar:/oracle/Middleware/utils/config/10.3/config-launch.jar::/oracle/Middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/oracle/Middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/oracle/Middleware/wlserver_10.3/common/derby/lib/derbytools.jar::
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Info: Data source is: opss-DBDS
Info: DB JDBC driver: oracle.jdbc.OracleDriver
Info: DB JDBC URL: jdbc:oracle:thin:@ebs.oracle.com:1521/iam.oracle.com
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Sep 26, 2013 1:35:36 AM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Sep 26, 2013 1:35:40 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data in progress.....
Sep 26, 2013 1:35:40 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationCredImpl migrateCredentialData
INFO: Migration of Credential Store data completed, Time taken for migration is 00:00:00
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Sep 26, 2013 1:35:41 AM oracle.security.jps.internal.config.ldap.LdapKeyStoreServiceConfigurator schemaCompatibleHandler
INFO: Keystore schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbKeyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSetup - done
Sep 26, 2013 1:35:45 AM oracle.security.jps.internal.config.ldap.LdapPolicyStoreServiceConfigurator schemaCompatibleHandler
INFO: Policy schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] seedSchemaAndCreateDIT - done
WLS ManagedService is not up running. Fall back to use system properties for configuration.
Sep 26, 2013 1:36:00 AM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateDataInternal
INFO: Migration of Admin Role Members started
Sep 26, 2013 1:36:00 AM oracle.security.jps.internal.tools.utility.destination.apibased.JpsDstPolicy migrateDataInternal
INFO: Migration of Admin Role Members completed in 00:00:00
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbPolicyStoreServiceConfigurator] testJpsService - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSetup - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
Sep 26, 2013 1:36:00 AM oracle.security.jps.internal.config.ldap.LdapAuditServiceConfigurator schemaCompatibleHandler
INFO: Audit store schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] seedSchemaAndCreateDIT - done
Sep 26, 2013 1:36:00 AM oracle.security.jps.internal.audit.AuditServiceImpl registerInternal
WARNING: Cannot register to audit service for component "JPS".
Sep 26, 2013 1:36:00 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data in progress.....
Sep 26, 2013 1:36:51 AM oracle.security.jps.internal.tools.utility.JpsUtilMigrationAuditStoreImpl migrateAuditStoreData
INFO: Migration of Audit Store data completed, Time taken for migration is 00:00:50
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] migrateData - done
[oracle.security.jps.internal.config.db.DbAuditStoreServiceConfigurator] testJpsService - done
persist to output: /oracle/Middleware/user_projects/domains/IAMDomain/config/fmwconfig - done
INFO: Found persistence provider "org.eclipse.persistence.jpa.PersistenceProvider". OpenJPA will not be used.
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSetup - done
Sep 26, 2013 1:36:55 AM oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator schemaCompatibleHandler
INFO: Credential store schema upgrade not required. Store Schema version 11.1.1.6.0 is compatible to the seed schema version 11.1.1.4.0
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] checkServiceSchema - Store schema has been seeded completely
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] updateServiceConfiguration - done
[oracle.security.jps.internal.config.db.DbCredStoreServiceConfigurator] seedSchemaAndCreateDIT - failed JPS-10000: There was an internal error in the policy store.
Exception in thread "main" java.lang.RuntimeException: JPS-10000: There was an internal error in the policy store.
oracle.security.jps.internal.api.common.JpsCredentialStoreLdapNodeCreationException: JPS-10000: There was an internal error in the policy store.
     at oracle.security.jps.internal.common.rdbms.util.JpsDbBootstrapImpl.createJpsCredentailStoreInLdap(JpsDbBootstrapImpl.java:303)
    at oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator.addServiceStoreBase(LdapCredStoreServiceConfigurator.java:113)
     at oracle.security.jps.internal.config.ldap.LdapCredStoreServiceConfigurator.seedSchemaAndCreateDIT(LdapCredStoreServiceConfigurator.java:142)
    at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.runConfiguration(LdapServiceEnabler.java:484)
     at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.configureCredentialStoreService(LdapServiceEnabler.java:232)
    at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.configureSecurityServices(LdapServiceEnabler.java:170)
     at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.main(LdapServiceEnabler.java:129)
Caused by: oracle.security.jps.service.policystore.PolicyStoreConnectivityException: JPS-10000: There was an internal error in the policy store.
     at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.handleRollbackException(JpsDBDataManager.java:1345)
    at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.internalCommitTxn(JpsDBDataManager.java:1508)
     at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.commitTransactionInDoAs(JpsDBDataManager.java:1475)
    at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.commitTransaction(JpsDBDataManager.java:1466)
     at oracle.security.jps.internal.common.rdbms.util.JpsDbBootstrapImpl.createJpsCredentailStoreInLdap(JpsDbBootstrapImpl.java:296)
    ... 6 more
Caused by: javax.persistence.RollbackException: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV1_OPSS.IDX_JPS_RDN_PDN) violated
Error Code: 1
Call: INSERT INTO JPS_DN (ENTRYID, PARENTDN, RDN) VALUES (?, ?, ?)
     bind => [3 parameters bound]
Query: InsertObjectQuery(EntryId=11437:rdn=cn=credentialstore:pdn=cn=jpsroot,cn=jpscontext,cn=iam,: JpsStore Entry={[EntryId = 11437:Attribute RowId = 45348
dn = cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot, EntryId = 11437:Attribute RowId = 45349
objectclass = top, EntryId = 11437:Attribute RowId = 45350
objectclass = orclContainer, EntryId = 11437:Attribute RowId = 45351
cn = CredentialStore]})
    at org.eclipse.persistence.internal.jpa.transaction.EntityTransactionImpl.commitInternal(EntityTransactionImpl.java:102)
     at org.eclipse.persistence.internal.jpa.transaction.EntityTransactionImpl.commit(EntityTransactionImpl.java:63)
    at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager$8.run(JpsDBDataManager.java:1487)
     at oracle.security.jps.internal.policystore.rdbms.JpsDBDataManager.internalCommitTxn(JpsDBDataManager.java:1492)
    ... 9 more
Caused by: Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.3.1.v20111018-r10243): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV1_OPSS.IDX_JPS_RDN_PDN) violated
Error Code: 1
Call: INSERT INTO JPS_DN (ENTRYID, PARENTDN, RDN) VALUES (?, ?, ?)
     bind => [3 parameters bound]
Query: InsertObjectQuery(EntryId=11437:rdn=cn=credentialstore:pdn=cn=jpsroot,cn=jpscontext,cn=iam,: JpsStore Entry={[EntryId = 11437:Attribute RowId = 45348
dn = cn=CredentialStore,cn=IAM,cn=JPSContext,cn=jpsroot, EntryId = 11437:Attribute RowId = 45349
objectclass = top, EntryId = 11437:Attribute RowId = 45350
objectclass = orclContainer, EntryId = 11437:Attribute RowId = 45351
cn = CredentialStore]})
    at org.eclipse.persistence.exceptions.DatabaseException.sqlException(DatabaseException.java:324)
     at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:840)
    at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeNoSelect(DatabaseAccessor.java:906)
     at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:592)
    at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:535)
     at org.eclipse.persistence.internal.sessions.AbstractSession.basicExecuteCall(AbstractSession.java:1717)
    at org.eclipse.persistence.sessions.server.ClientSession.executeCall(ClientSession.java:253)
    at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:207)
     at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:193)
    at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:342)
     at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:162)
    at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:177)
     at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:472)
    at org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80)
     at org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90)
    at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:287)
     at org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
    at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:844)
    at org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:743)
     at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108)
    at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85)
     at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2871)
    at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1516)
     at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1498)
    at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1449)
    at org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:224)
     at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsForClassWithChangeSet(CommitManager.java:191)
    at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:136)
     at org.eclipse.persistence.internal.sessions.AbstractSession.writeAllObjectsWithChangeSet(AbstractSession.java:3799)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabase(UnitOfWorkImpl.java:1415)
     at org.eclipse.persistence.internal.sessions.RepeatableWriteUnitOfWork.commitToDatabase(RepeatableWriteUnitOfWork.java:636)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabaseWithChangeSet(UnitOfWorkImpl.java:1505)
     at org.eclipse.persistence.internal.sessions.RepeatableWriteUnitOfWork.commitRootUnitOfWork(RepeatableWriteUnitOfWork.java:267)
    at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitAndResume(UnitOfWorkImpl.java:1143)
     at org.eclipse.persistence.internal.jpa.transaction.EntityTransactionImpl.commitInternal(EntityTransactionImpl.java:84)
    ... 12 more
Caused by: java.sql.SQLIntegrityConstraintViolationException: ORA-00001: unique constraint (DEV1_OPSS.IDX_JPS_RDN_PDN) violated
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:445)
    at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:396)
    at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:879)
    at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:450)
     at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:192)
    at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
    at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java:207)
    at oracle.jdbc.driver.T4CPreparedStatement.executeForRows(T4CPreparedStatement.java:1044)
     at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1329)
    at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3593)
    at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:3674)
     at oracle.jdbc.driver.OraclePreparedStatementWrapper.executeUpdate(OraclePreparedStatementWrapper.java:1354)
    at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:831)
     ... 45 more
    at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.throwExceptionWithStackTrace(LdapServiceEnabler.java:145)
    at oracle.security.jps.internal.tools.configuration.ldap.LdapServiceEnabler.main(LdapServiceEnabler.java:137)
Error: Failed to initialize security store.
Error: Create operation has failed.
[oracle@ebs Middleware]$
Also OPSS schema is FIne as it's get validated by this query.
SQL> select * from JPS_DN where rdn like '%cn=credentialstore%';
   ENTRYID
RDN
PARENTDN
      3004
cn=credentialstore
cn=oracleschemaversion,cn=opss,
      5004
cn=credentialstore
cn=jpsroot,cn=jpscontext,cn=iam,
   ENTRYID
RDN
PARENTDN
Please suggest.
Thanks
Priya

Business Objects Audit Database

Hi,
I am part of spport team. BO was installed just 2 yrs back, We have about 15,000+ plus user and growing fast.
Our current Audit DB is set up with main focus to monitor webi and CR. Due to large volume of data, ever 6 months we dump the audit data into our 'history database' (" would like to if there are any best practice for this "). We still are using same activity universe, but this affects our performance of audit reports. what is best appraoch to get most from our audit DB with optimum performance. Do you have any methodologies or suggestion. do we need to tweak the universe to perform better ? Would like to know the best practice to maintani the Audit database any though on this would be helpful. Have looked in BO admin guide chapter 14 "Audit Reports", this is only chapter which talks about Audit. i am looking for guide for maitainance and support for the audit DB, as our environment is gorwing need to have good reoprts on Audit informations to address our performance issues.
Cheers,
Srini

Morning,
As you are probably aware the activity universe is not ideal for reporting.
For one of my previous clients we created a small data warehouse based on the audit data.
We stripped out all the data that wasn't needed and we completely denormalised the audit DB schema with 2 fact and 4 dimension tables. Where possible we calculated our measures in the data warehouse to improve reporting performance.
By following this approach you won't run into performance issues that quickly and you won't have to archive data as frequently.
I hope this helps.
Regards
Rim Geurts

Auditing all objects...

currently i m working on AUDITING in Oracle 10g.2
-- Apply the policy to the SAL column of the EMP table.
BEGIN
DBMS_FGA.add_policy(
object_schema => 'AUDIT_TEST',
object_name => 'EMP',
policy_name => 'SAL_AUDIT',
audit_condition => NULL, -- Equivalent to TRUE
audit_column => 'SAL',
statement_types => 'SELECT,INSERT,UPDATE,DELETE');
END;
But I want to enable a auditing for AUDIT_TEST schema and all it's objects and columns.
BEGIN
DBMS_FGA.add_policy(
object_schema => 'AUDIT_TEST',
policy_name => 'ALL_AUDIT_TEST',
audit_condition => NULL, -- Equivalent to TRUE
statement_types => 'SELECT,INSERT,UPDATE,DELETE');
END;
HOw can we enable auditing for SCHEMA and all it's objects ?
Regards,
Rakesh Soni
http://rakeshocp.blogspot.com/

Object level auditing can be enabled for specific dml and ddl operation like.
audit delete table
audit update table.
Audit comes with over head so possible audit only required tables for suspicious activities.
AUDIT SELECT on emp;
AUDIT SELECT,delete on emp;
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/cfgaudit.htm#i1011521

BO4 - No CMS is configured as an auditor

Getting caution alerst in BO4 Central Management server and these mentioning number of audit events in queue.
when look in Auditing tab in CMC get
BO4 - No CMS is configured as an auditor message.
tnsmaes fine and can communicate via sqlplus to the audit datasource fine.
What is causing this.
How can we resolve.
Notice in central management server command line mentions - noaduditor but cannot change this.
No connection to Auditing Data Store from CMS SIA_NEW.CentralManagementServer
Any ideas?
Thanks
Edited by: Philip O'Rourke on Jan 31, 2012 5:35 PM

Thanks for suggestion but not the case here.
can communicate fine from server to audit database schema via sqlplus.
Notice the central management server has a -noauditor switch and auditing page says client auditing not available.
Cannot change the central management server command line switch to remove the -noauditor part
Any idea how to do this - ano other idea?

Tables Accessed

Hi Friends.
I have one application in C++, that access my Oracle Database. I can to know what tables were accessed (insert, update, delete, select) during the execution: as audit my schema.
Thanks a lot for any idea.

Check This .... If its useful
SELECT * FROM V$SQL;
Ashok

Generic report query that will work against common table ..

Context
We have a custom audit log scheme that inserts all table changes into a backing table via triggers. For example, an insert into table ORDER would cause a insert into ORDER_AUD.
Problem
We want to build a generic report query that will work against any audit table.
While constructing a report query for a class that uses inheritance, we see TopLink? add an extra where-clause.
We are required to set the ReferenceClass? for the query, however, the tables we are querying are not mapped to TopLink?. We just want to map the query results to objects of the Reference Class.
The extra where-clause specifies the table of the Reference Class, but since that table is not in the From clause, the query doesn't work.
The ReportQuery? in Question
public DatabaseQuery loadAuditHistory(Class cls, String audTableName ) {
String emanAuditTableName = "eman_audit";
ExpressionBuilder expressionBuilder = new ExpressionBuilder();
Expression exp = expressionBuilder.getTable(audTableName)
.getField("instance_id")
.equal(expressionBuilder.getParameter("instanceId"))
.and(expressionBuilder.getTable(audTableName).getField("audit_id")
.equal(expressionBuilder.getTable(emanAuditTableName).getField("audit_id")));
ReportQuery query = new ReportQuery(expressionBuilder);
query.setReferenceClass(cls);
query.setSelectionCriteria(exp);
query.addArgument("instanceId");
query.addAttribute("Changed By", expressionBuilder.getTable(emanAuditTableName).getField("audit_user"));
query.addAttribute("Host", expressionBuilder.getTable(emanAuditTableName).getField("audit_host"));
query.addAttribute("UTC Timestamp", expressionBuilder.getTable(emanAuditTableName).getField("audit_utc_timestamp"));
query.addAttribute("Action", expressionBuilder.getTable(audTableName).getField("table_action_code"));
Descriptor orderDescriptor = session.getDescriptor(cls);
Vector mappings = orderDescriptor.getMappings();
for (Iterator iter = mappings.iterator(); iter.hasNext();) {
Object element = (Object) iter.next();
if (element instanceof DirectToFieldMapping) {
DirectToFieldMapping mapping = (DirectToFieldMapping)element;
DatabaseField field = mapping.getField();
String tableName = field.getTableName();
String fieldName = field.getName();
query.addAttribute(fieldName, expressionBuilder.getTable(audTableName).getField(fieldName));
Expression version = expressionBuilder.getTable(audTableName).getField("version_id");
query.addOrdering(version.descending());
query.setName(GET_AUDIT_HISTORY);
return query;
Code Generated by the ReportQuery?
SELECT t0.audit_user, t0.audit_host, t0.audit_utc_timestamp,
t1.table_action_code, t1.INSTANCE_ID, t1.STATUS,
t1.REQUESTER, t1.DESCRIPTION, t1.RECIPIENT
FROM eman_audit t0, example_order_aud t1
WHERE (((t1.instance_id = 60432)
AND (t1.audit_id = t0.audit_id))
AND (EXAMPLE_ORDER.CLASS_NAME = 'eman.infra.toplink.example.project.model.Order'))
ORDER BY t1.version_id DESC
Descriptor used to Map Oder.class
public Descriptor buildOrderItemDescriptor() {
Descriptor descriptor = new Descriptor();
descriptor.setJavaClass(eman.infra.toplink.example.project.model.OrderItem.class);
descriptor.addTableName("ORDERITEM");
descriptor.addPrimaryKeyFieldName("ORDERITEM.INSTANCE_ID");
// Inheritance properties.
descriptor.getInheritancePolicy().setClassIndicatorFieldName("ORDERITEM.CLASS_NAME");
descriptor.getInheritancePolicy().useClassNameAsIndicator();
// Descriptor properties.
descriptor.useSoftCacheWeakIdentityMap();
descriptor.setIdentityMapSize(100);
descriptor.useRemoteSoftCacheWeakIdentityMap();
descriptor.setRemoteIdentityMapSize(100);
descriptor.setSequenceNumberFieldName("ORDERITEM.INSTANCE_ID");
descriptor.setSequenceNumberName("CIM_ID");
VersionLockingPolicy lockingPolicy = new VersionLockingPolicy();
lockingPolicy.setWriteLockFieldName("ORDERITEM.VERSION_ID");
descriptor.setOptimisticLockingPolicy(lockingPolicy);
descriptor.setAlias("OrderItem");
// Query manager.
descriptor.getQueryManager().checkCacheForDoesExist();
//Named Queries
// Event manager.
// Mappings.
DirectToFieldMapping instanceIdMapping = new DirectToFieldMapping();
instanceIdMapping.setAttributeName("instanceId");
instanceIdMapping.setFieldName("ORDERITEM.INSTANCE_ID");
descriptor.addMapping(instanceIdMapping);
DirectToFieldMapping ItemNumberMapping = new DirectToFieldMapping();
ItemNumberMapping.setAttributeName("ItemNumber");
ItemNumberMapping.setFieldName("ORDERITEM.ITEM_NUMBER");
descriptor.addMapping(ItemNumberMapping);
DirectToFieldMapping QuantityMapping = new DirectToFieldMapping();
QuantityMapping.setAttributeName("Quantity");
QuantityMapping.setFieldName("ORDERITEM.QUANTITY");
descriptor.addMapping(QuantityMapping);
OneToOneMapping orderMapping = new OneToOneMapping();
orderMapping.setAttributeName("order");
orderMapping.setReferenceClass(eman.infra.toplink.example.project.model.Order.class);
orderMapping.setRelationshipPartnerAttributeName("orderItems");
orderMapping.dontUseIndirection();
orderMapping.addForeignKeyFieldName("ORDERITEM.ORDER_ID", "EXAMPLE_ORDER.INSTANCE_ID");
descriptor.addMapping(orderMapping);
return descriptor;

I'm am very confused as to what you are trying to do, are you trying to query Order objects from the ORDER_AUD historical table instead of the table that the class is mapped to?
TopLink 10.1.3 (DP3) has built in support for historization, you may wish to investigate this support to allow historical querying of your audit tables.
In general you cannot use a ReportQuery to do this, a ReportQuery is for querying data from objects based on an object-level criteria. I think that you want to query objects, but just using different SQL than the descriptors are mapped to.
You could do this through a custom SQL read query,
i.e.
ReadAllQuery query = new ReadAllQuery(Order.class);
query.setSQLString("Select * from ORDER_AUD where INSTANCE_ID = #id");
query.addArgument("id");
Vector argumentValues = new Vector(1);
argumentValues.add(id);
List objects = (List) session.executeQuery(query, argumentValues);
As long as the field names in the audit and the original table matched this would work. However if this is a historical table, then I would guess that there might be multiple objects with the same id, so querying these historical objects could confuse the TopLink cache. You could set dontMaintainCache() on the query to avoid this.
In general you would probably be much better off having two sessions, one with the descriptors mapped to the normal tables, and one with the descriptors mapped to the audit tables. Then you would be able to query both using regular object-level queries.

Audit activity for all objects in a schema

Hi,
Is there a way to audit all DDL statements and certain DML statements (i.e. DELETE) for all objects in a particular schema? I've been going through the Oracle documentation, and there doesn't seem to be a straightforward way to do this. For example, I've figured out that I can audit all DELETEs (too broad) or DELETEs on a particular schema object (too narrow), but nothing in between.
The "AUDIT...BY <USER>" statement looked promising, but it doesn't cover statements issued by other users with access to the schema.
Any help greatly appreciated!

Is there a way to audit all DDL statements and certain DML statements (i.e. DELETE) for all objects in a particular schema?You can audit all the DDLs you need and the DMLs you need.
For example, I've figured out that I can audit all
DELETEs (too broad) or DELETEs on a particular schema
object (too narrow), but nothing in between.I think you need to explain more on what you need to do because your "but nothing in between" is not clear.
Something in between ?
SQL>AUDIT DELETE ON EMP;
SQL>AUDIT DELETE ON EMP WHENEVER SUCCESSFUL;
SQL>AUDIT DELETE ON EMP WHENEVER NOT SUCCESSFUL;
SQL>AUDIT SELECT ON EMP;
The "AUDIT...BY <USER>" statement looked promising, but it doesn't cover statements issued by other users with access to the schemaYou can audit BY ACCESS, BY PROXY, BY SESSION

Database Auditing to record DELETE operation on a schema for all tables.

Hi,
I am using ORACLE DATABASE 11g. I want to apply the AUDIT feature to record all the DELETE operations happening on the schema tables.
I did the following steps but dint got the proper output :-
I logged into the SYS as sysdba user and set
alter system set audit_trail=DB,EXTENDED scope=spfile;then i executed this command to record the sql which will use the DELETE privileges
AUDIT DELETE ANY TABLE;Then i bounced back my DB and for testing purpose i created a table in SCOTT schema and inserted 10 rows in it and then DELETE all the rows from it.
As per expectation i check the view
select * from aud$
where spare1 like '%MACHINE1%'
and USERID='SCOTT'
order by ntimestamp#;The output i got is :-
34 168368 1 1 SCOTT I-DOMAIN\MACHINE1 MACHINE1 100 0 Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=2565)) MACHINE1 5 21-DEC-11 07.02.58.621000 AM 0 928:5024 0000000000000000 983697018 <CLOB> <CLOB> But here i don't see the SQL generated in the last column.
What i was expecting is that if i fire a DELETE statement in the schema it will get logged here and with the help of this view i will be able to see that which user from which machine executed a DELETE statement and what that statement was?
Please let me know what step i have missed here.
PS:- The ACTION# column shows 100 , is it the code for DELETE action. I also accessed the DBA_AUDIT_TRAIL view but din't found any usefull info their.
Thanks in advance.

Try instead:
audit delete table;AUDIT DELETE ANY TABLE is auditing use of DELETE ANY TABLE privilege.

Audit All DML and DDL on an Application Schema

Hello;
I have a requirement to audit all DML and DDL on an Application Schema (Lets say SCOTT). I have set:
ALTER SYSTEM SET audit_trail = XML, EXTENDED scope=spfile; -- Want my audit log on the OS with Bind and SQL.
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS = TRUE scope=spfile; -- Want to audit sysdba and sysoper activity
audit create session; -- Want to see both logins and failed logins
How would I get all DML and DDL on an Application Schema (SCOTT)?
I am using 11iR1 Standard Edition.

Have look at system_privilege_map and find all the options you need to audit...
or you can use the below script..
SELECT 'audit ' ||LOWER(name) || ' by app_user;'
FROM system_privilege_map;
if you want to filter-out the one you have already audited, then use dba_priv_audit_opts ...
Hope this info will be useful to you...
Thanks,

Dynamically establish auditing on a schema tables?

Hello,
I need to create a script for dynamically to audit the DML (insert, update etc) on a schemas (all the tables) of a database. This data should be stored in a separate tablespace. how can i accomplish this?
Thank you for your help.

customer requires they want all DML changes recorded into a table in a different tablespce, different than what exactly?
but we cannot use the triggers becuase of the security concerns. not allowing TRIGGER complicates solution.
so some dynamic script ii need to generate the DML changes on any table performed in a schema.EXACTLY what/who/which session is supposed to produce & run the mythical SQL?

Schema level auditing

Hi
Oracle :9i
OS : Solaris
I have a schema in which i have around 1000 tables. and developers frequently modify
tables by adding columns etc.
I want to keep a log for the whole schema which table is modified(i.e what column is added)
we have a view user_objects in which i can find object_name and time.
I would like to log the added columns too.
How shall i write a trigger for the whole schema. or any alternative..
regards,

Hi,
Read the fine manual.
http://download.oracle.com/docs/cd/B10501_01/server.920/a96524/c25audit.htm#6098
And design your own auditing.
Edited by: Mohammed Taj on Jul 27, 2009 2:34 PM

Need to Audit ALTER, DROP or TRUNCATE on All Tables in a Schema

Hello,
I need to audit any ALTER, DROP or TRUNCATE on all tables in the "X" schema including operations done by the "X" account.
Oracle Version = 11g Release 11.1.0.6.0
audit_sys_operations = TRUE
audit_trail = XML, EXTENDED
Thanks!

Sky13 wrote:
Hi Srini;
After rereading my last post I have to apologize for being obnoxious. I have been trying:
No apology is necessary - you are not doing me any favors ;-)
audit alter table; This I get "Audit succeeded" Good - this means that any ALTER TABLE command issued by any user, whether the command is successful or not, will be logged.
audit truncate table; This I get "ORA-00956: missing or invalid auditing option" I do not have access to a database currently, so cannot verify what is wrong - it looks correct - pl verify syntax.
>
I see them both in the documentation you referenced and in another places. I am certain I am missing something.
Thanks for the help!!!! and again I apologize.You are welcome. I would suggest you experiment in a test database first :-)
HTH
Srini

AUDIT,CMS,BOMM: Same database, different schemas..?

Hi,
When installing BOE 3.0 and BOMM 3.0, is it ok to put these repos in the same oracle database, in different schemas, or is it recommended to have bomm repo in a separate database ? Any experiences ?
Thanks,
- jem

different schemas is just fine

Audit on schema

Similar Messages

Maybe you are looking for