Auditing Grant activities
Objective
=========
I want to audit any grants made on my database objects. In addition to the basic information(timestamp, grantor, DB object, machine name, IP address etc.), I want to track the level of access granted (insert, delete, update, select) and the grantee.
Current Solution
================
1. Going forward - for new tables, I can execute "AUDIT GRANT TABLE BY ACCESS"
2. For existing tables - I have to execute "AUDIT GRANT ON tablename BY ACCESS" for every single table
For #2, I can generate a script off of SYS.ALL_OBJECTS
Questions
=========
1. Is there a simpler way of achieving the objective?
2. The OBJ_PRIVILEGE column in SYS.DBA_AUDIT_TRAIL has Y in certain positions, depending on which access was granted. I can run tests and figure out which ones correspond to insert/delete/update/select but is there a comprehensive list to explain which position corresponds to which access?
Thanks for all your help!
CK
Not off the top of my head. We only audit DDL and access by an emergency ID so the obj_privilege column is always null in my current data.
If I wanted to know what the 'Y' values related to I would probably read the source for the audit views in $ORACLE_HOME/rdbms/cataudit.sql. That would be my suggestion to you.
Let me know what you find. I am going to be tied up for the next few days and my list of things to check out grows every day or two so much of it falls by the wayside.
HTH -- Mark D Powell --
Similar Messages
-
hi,
suppose a user login using Oracle ID and Password and can do insert, delete, drop, create, alter.
from upper management, changing the grant permission is not an option.
how do audit an user activites, on 10gR2 or 11gR2?
thanks.See the security guide:
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm#i1011984
also the SQL reference:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#i2059073
You will probably arrive at something like
AUDIT TABLE BY username; -- audits CREATE and DROP
AUDIT ALTER TABLE BY username;
AUDIT INSERT TABLE BY username;
AUDIT UPDATE TABLE BY username;
AUDIT DELETE TABLE BY username;
etc.
Read the material carefully, so you understand 'statement auditing' versus 'privilege auditing', etc. There are multiple, overlapping concepts here.
Audit records such as these can be reviewed in SYS.DBA_AUDIT_TRAIL. -
Auditing non-dba user grants?
Hi,
I'm trying to audit if an user grants a privilege on their objects to another user. ex:
show user
USER is "TESTUSER1"
grant select on mytable1 to testuser2I'm trying with "AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS" but it only audit grants/revokes performed by DBA user.
Also I'm trying whit "AUDIT GRANT TABLE BY ACCESS" but nothing appears in audit trail.
How can I do it?
Oracle version 11.1.0.6
audit parameters:
audit_sys_operations boolean TRUE
audit_trail string DBRegardsOk, I know what was happening.
I was testing it without closing the test-user session. I didn't know that the AUDIT GRANT won't work in the active sessions at activation time.
ex:
TERMINAL 1:
$ sqlplus '/as sysdba'
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:44:04 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> show parameter audit_trail;
NAME TYPE VALUE
audit_trail string DB
SQL> audit resource, connect;
Auditoría terminada correctamente.
SQL> create user testuser1 identified by ****;
Usuario creado.
SQL> create user testuser2 identified by ****;
Usuario creado.
SQL> grant resource, connect to testuser1;
Concesión terminada correctamente.TERMINAL 2:
sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:45:19 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Introduzca el nombre de usuario: testuser1
Introduzca la contraseña:
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create table TEST_TABLE (n number);
Tabla creada.
SQL> grant select on TEST_TABLE to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE;
Tabla borrada."testuser1" session still open in terminal 2.
TERMINAL 1:
SQL> set linesize 190
SQL> col OBJECT format A30
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT SES_ACTIONS
TESTUSER1 26-ABR-2013 11:45:22 LOGON .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
SQL> AUDIT GRANT TABLE;
Auditoría terminada correctamente.The AUDIT GRANT TABLE is now activated, but it won't work yet...
TERMINAL 2 (testuser1 session was still opened):
SQL> create table TEST_TABLE2 (n number);
Tabla creada.
SQL> grant select on TEST_TABLE2 to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE2 to testuser2;
revoke select on TEST_TABLE2 to testuser2
ERROR en línea 1:
ORA-00905: falta una palabra clave
SQL> revoke select on TEST_TABLE2 from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE2;
Tabla borrada.TERMINAL 1:
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT SES_ACTIONS
TESTUSER1 26-ABR-2013 11:45:22 LOGON .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:47:16 CREATE TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:47:52 DROP TABLE TESTUSER1.TEST_TABLE2Lets close and reopen "testuser1" session
TERMINAL 2:
SQL> exit
Desconectado de Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
$ sqlplus
SQL*Plus: Release 11.1.0.6.0 - Production on Vie Abr 26 11:48:19 2013
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Introduzca el nombre de usuario: testuser1
Introduzca la contraseña:
Conectado a:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create table TEST_TABLE3 (n number);
Tabla creada.
SQL> grant select on TEST_TABLE3 to testuser2;
Concesión terminada correctamente.
SQL> revoke select on TEST_TABLE3 from testuser2;
Revocación terminada correctamente.
SQL> drop table TEST_TABLE3;
Tabla borrada.Now the grant/revoke is audited:
TERMINAL 1:
SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, OBJ_PRIVILEGE, GRANTEE from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
USERNAME TIMESTAMP ACTION_NAME OBJECT OBJ_PRIVILEGE GRANTEE
TESTUSER1 26-ABR-2013 11:45:22 LOGOFF .
TESTUSER1 26-ABR-2013 11:45:35 CREATE TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:46:00 DROP TABLE TESTUSER1.TEST_TABLE
TESTUSER1 26-ABR-2013 11:47:16 CREATE TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:47:52 DROP TABLE TESTUSER1.TEST_TABLE2
TESTUSER1 26-ABR-2013 11:48:26 LOGON .
TESTUSER1 26-ABR-2013 11:48:39 CREATE TABLE TESTUSER1.TEST_TABLE3
TESTUSER1 26-ABR-2013 11:48:46 GRANT OBJECT TESTUSER1.TEST_TABLE3 ---------Y------ TESTUSER2
TESTUSER1 26-ABR-2013 11:48:56 REVOKE OBJECT TESTUSER1.TEST_TABLE3 ---------N------ TESTUSER2
TESTUSER1 26-ABR-2013 11:49:02 DROP TABLE TESTUSER1.TEST_TABLE3
10 filas seleccionadas.Anyway, thanks Balazs Papp because i was looking for the AUDIT GRANT ON DEFAULT ;)
Regards -
Hi Expert,
we are required to enable auditing . we will enable it at DB level . but we wan to audit only one specific user not all. how we can achieve thisThis is on my windows 11.2.0.1.0 sqlplus cut and paste.
C:\WINDOWS>sqlplus sys/girish as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Nov 18 19:10:12 2011
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE BY ACCESS ;
AUDIT ALTER ANY TABLE BY ACCESS ;
AUDIT ALTER DATABASE BY ACCESS ;
AUDIT ALTER PROFILE BY ACCESS ;
AUDIT ALTER SYSTEM BY ACCESS ;
AUDIT ALTER USER BY ACCESS ;
AUDIT AUDIT SYSTEM BY ACCESS ;
AUDIT CREATE ANY JOB BY ACCESS ;
AUDIT CREATE ANY LIBRARY BY ACCESS ;
AUDIT CREATE ANY PROCEDURE BY ACCESS ;
AUDIT CREATE ANY TABLE BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS ;
AUDIT CREATE SESSION BY ACCESS ;
AUDIT CREATE USER BY ACCESS ;
AUDIT DATABASE LINK BY ACCESS ;
AUDIT DROP ANY PROCEDURE BY ACCESS ;
AUDIT DROP ANY TABLE BY ACCESS ;
AUDIT DROP PROFILE BY ACCESS ;
AUDIT DROP USER BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY ROLE BY ACCESS ;
AUDIT PROFILE BY ACCESS ;
AUDIT PUBLIC SYNONYM BY ACCESS ;
AUDIT ROLE BY ACCESS ;
AUDIT SYSTEM AUDIT BY ACCESS ;
AUDIT SYSTEM GRANT BY ACCESS ;
29 rows selected.
SQL> audit select table by scott by access;
Audit succeeded.
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE BY ACCESS ;
AUDIT ALTER ANY TABLE BY ACCESS ;
AUDIT ALTER DATABASE BY ACCESS ;
AUDIT ALTER PROFILE BY ACCESS ;
AUDIT ALTER SYSTEM BY ACCESS ;
AUDIT ALTER USER BY ACCESS ;
AUDIT AUDIT SYSTEM BY ACCESS ;
AUDIT CREATE ANY JOB BY ACCESS ;
AUDIT CREATE ANY LIBRARY BY ACCESS ;
AUDIT CREATE ANY PROCEDURE BY ACCESS ;
AUDIT CREATE ANY TABLE BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS ;
AUDIT CREATE SESSION BY ACCESS ;
AUDIT CREATE USER BY ACCESS ;
AUDIT DATABASE LINK BY ACCESS ;
AUDIT DROP ANY PROCEDURE BY ACCESS ;
AUDIT DROP ANY TABLE BY ACCESS ;
AUDIT DROP PROFILE BY ACCESS ;
AUDIT DROP USER BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY ROLE BY ACCESS ;
AUDIT PROFILE BY ACCESS ;
AUDIT PUBLIC SYNONYM BY ACCESS ;
AUDIT ROLE BY ACCESS ;
AUDIT SELECT TABLE BY SCOTT BY ACCESS ; <----------- New Row
AUDIT SYSTEM AUDIT BY ACCESS ;
AUDIT SYSTEM GRANT BY ACCESS ;
30 rows selected.
SQL> noaudit select table by scott;
Noaudit succeeded.
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE BY ACCESS ;
AUDIT ALTER ANY TABLE BY ACCESS ;
AUDIT ALTER DATABASE BY ACCESS ;
AUDIT ALTER PROFILE BY ACCESS ;
AUDIT ALTER SYSTEM BY ACCESS ;
AUDIT ALTER USER BY ACCESS ;
AUDIT AUDIT SYSTEM BY ACCESS ;
AUDIT CREATE ANY JOB BY ACCESS ;
AUDIT CREATE ANY LIBRARY BY ACCESS ;
AUDIT CREATE ANY PROCEDURE BY ACCESS ;
AUDIT CREATE ANY TABLE BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS ;
AUDIT CREATE SESSION BY ACCESS ;
AUDIT CREATE USER BY ACCESS ;
AUDIT DATABASE LINK BY ACCESS ;
AUDIT DROP ANY PROCEDURE BY ACCESS ;
AUDIT DROP ANY TABLE BY ACCESS ;
AUDIT DROP PROFILE BY ACCESS ;
AUDIT DROP USER BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY ROLE BY ACCESS ;
AUDIT PROFILE BY ACCESS ;
AUDIT PUBLIC SYNONYM BY ACCESS ;
AUDIT ROLE BY ACCESS ;
AUDIT SYSTEM AUDIT BY ACCESS ;
AUDIT SYSTEM GRANT BY ACCESS ;
29 rows selected.
SQL>Now your question :
Allright is i want to audit scott user's all activities ,DDL,DML ,Select logon login every thing then what shoul i do.So, just use audit statement with by clause and run above getaud script to see its impact.
here it is my getaud.sql which i obtained from [ http://www.myoraclesupports.com/content/script-generate-audit-and-noaudit-statements-current-audit-settings ] link.
select 'AUDIT '||m.name||decode(u.name,'PUBLIC',' ',' BY '||u.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' BY SESSION WHENEVER SUCCESSFUL ',
2,' BY ACCESS WHENEVER SUCCESSFUL ',
10,' BY SESSION WHENEVER NOT SUCCESSFUL ',
11,' BY SESSION ', -- default
20, ' BY ACCESS WHENEVER NOT SUCCESSFUL ',
22, ' BY ACCESS',' /* not possible */ ')||' ;'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u, sys.stmt_audit_option_map m
WHERE a.user# = u.user# AND a.option# = m.option#
and bitand(m.property, 1) != 1 and a.proxy# is null
and a.user# > 0
UNION
select 'AUDIT '||m.name||decode(u1.name,'PUBLIC',' ',' BY '||u1.name)||
' ON BEHALF OF '|| decode(u2.name,'SYS','ANY',u2.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' WHENEVER SUCCESSFUL ',
2,' WHENEVER SUCCESSFUL ',
10,' WHENEVER NOT SUCCESSFUL ',
11,' ', -- default
20, ' WHENEVER NOT SUCCESSFUL ',
22, ' ',' /* not possible */ ')||';'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u1, sys.user$ u2, sys.stmt_audit_option_map m
WHERE a.user# = u2.user# AND a.option# = m.option# and a.proxy# = u1.user#
and bitand(m.property, 1) != 1 and a.proxy# is not null
UNION
select 'AUDIT '||p.name||decode(u.name,'PUBLIC',' ',' BY '||u.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' BY SESSION WHENEVER SUCCESSFUL ',
2,' BY ACCESS WHENEVER SUCCESSFUL ',
10,' BY SESSION WHENEVER NOT SUCCESSFUL ',
11,' BY SESSION ', -- default
20, ' BY ACCESS WHENEVER NOT SUCCESSFUL ',
22, ' BY ACCESS',' /* not possible */ ')||' ;'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u, sys.system_privilege_map p
WHERE a.user# = u.user# AND a.option# = -p.privilege
and bitand(p.property, 1) != 1 and a.proxy# is null
and a.user# > 0
UNION
select 'AUDIT '||p.name||decode(u1.name,'PUBLIC',' ',' BY '||u1.name)||
' ON BEHALF OF '|| decode(u2.name,'SYS','ANY',u2.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' WHENEVER SUCCESSFUL ',
2,' WHENEVER SUCCESSFUL ',
10,' WHENEVER NOT SUCCESSFUL ',
11,' ', -- default
20, ' WHENEVER NOT SUCCESSFUL ',
22, ' ',' /* not possible */ ')||';'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u1, sys.user$ u2, sys.system_privilege_map p
WHERE a.user# = u2.user# AND a.option# = -p.privilege and a.proxy# = u1.user#
and bitand(p.property, 1) != 1 and a.proxy# is not null
/Regards
Girish Sharma
Edited by: Girish Sharma on Nov 18, 2011 7:18 PM
Just edited that bold fonts are not visible in code tags.
Edited by: Girish Sharma on Nov 18, 2011 7:22 PM
Another editing that "< >" are not visible, so i put it into code tags.
Edited by: Girish Sharma on Nov 18, 2011 7:24 PM
Please use and a.user# less than and greater than sign before 0; i mean not equal to... -
Auditing in oracle 10g database and oracle 10g application server
Dear friends,
We have oracle 10g application server and oracle 10g database server in place.My criteria is to audit users connected using oracle application user credentials to the database.
Can you please tell me how can i do it.
Thanks & regards,Its the database connection you want to track. The session audit will show where it came from.
Auditing is turned using this command:
alter system set audit_trail = DB scope=spfile;
Note: The use of spfile will require a DB bounce before audit starts
To audit Sessions:
audit create session;
Query by Audit Type:
SELECT A.USERNAME,
OS_USERNAME,
A.TIMESTAMP,
A.RETURNCODE,
TERMINAL,
USERHOST
FROM DBA_AUDIT_SESSION A
WHERE USERHOST = <replace with iAS servername> ;
By User
SELECT USERNAME,OBJ_NAME,ACTION_NAME , TIMESTAMP
FROM DBA_AUDIT_TRAIL WHERE USERNAME = 'SCOTT';
Check for users sharing database accounts
select count(distinct(terminal)),username
from dba_audit_session
having count(distinct(terminal))>1
group by username;
Attempts to access the database at unusual hours
SELECT username, terminal, action_name, returncode,
TO_CHAR (TIMESTAMP, 'DD-MON-YYYY HH24:MI:SS'),
TO_CHAR (logoff_time, 'DD-MON-YYYY HH24:MI:SS')
FROM dba_audit_session
WHERE TO_DATE (TO_CHAR (TIMESTAMP, 'HH24:MI:SS'), 'HH24:MI:SS') <
TO_DATE ('08:00:00', 'HH24:MI:SS')
OR TO_DATE (TO_CHAR (TIMESTAMP, 'HH24:MI:SS'), 'HH24:MI:SS') >
TO_DATE ('19:30:00', 'HH24:MI:SS');
Attempts to access the database with non-existent users
SELECT username, terminal, TO_CHAR (TIMESTAMP, 'DD-MON-YYYY HH24:MI:SS')
FROM dba_audit_session
WHERE returncode <> 0
AND NOT EXISTS (SELECT 'x'
FROM dba_users
WHERE dba_users.username = dba_audit_session.username);
Other audits you might consider:
audit grant any object privilege;
audit alter user;
audit create user;
audit drop user;
audit drop tablespace;
audit grant any role;
audit grant any privilege;
audit alter system;
audit alter session;
audit delete on AUD$ by access;
audit insert on AUD$ by access;
audit update on AUD$ by access;
audit delete table;
audit create tablespace;
audit alter database;
audit create role;
audit create table;
audit alter any procedure;
audit create view;
audit drop any procedure;
audit drop profile;
audit alter profile;
audit alter any table;
audit create public database link;
Best Regards
mseberg -
How to turn off this audit?
I see lots of auditing records getting generated with action# 85, i looked up, it is truncate table.
how can i turn it off?
the following are the current auditing option from this database. which one is generating this action# 85.
====
AUDIT ADMINISTER ANY SQL TUNING SET BY ACCESS ;
AUDIT ADMINISTER DATABASE TRIGGER BY ACCESS ;
AUDIT ADMINISTER SQL MANAGEMENT OBJECT BY ACCESS ;
AUDIT ADMINISTER SQL TUNING SET BY ACCESS ;
AUDIT ADVISOR BY ACCESS ;
AUDIT ALTER ANY ASSEMBLY BY ACCESS ;
AUDIT ALTER ANY CLUSTER BY ACCESS ;
AUDIT ALTER ANY CUBE BY ACCESS ;
AUDIT ALTER ANY CUBE DIMENSION BY ACCESS ;
AUDIT ALTER ANY DIMENSION BY ACCESS ;
AUDIT ALTER ANY EDITION BY ACCESS ;
AUDIT ALTER ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT ALTER ANY INDEX BY ACCESS ;
AUDIT ALTER ANY INDEXTYPE BY ACCESS ;
AUDIT ALTER ANY LIBRARY BY ACCESS ;
AUDIT ALTER ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT ALTER ANY MINING MODEL BY ACCESS ;
AUDIT ALTER ANY OPERATOR BY ACCESS ;
AUDIT ALTER ANY OUTLINE BY ACCESS ;
AUDIT ALTER ANY PROCEDURE BY ACCESS ;
AUDIT ALTER ANY ROLE BY ACCESS ;
AUDIT ALTER ANY RULE BY ACCESS ;
AUDIT ALTER ANY RULE SET BY ACCESS ;
AUDIT ALTER ANY SEQUENCE BY ACCESS ;
AUDIT ALTER ANY SQL PROFILE BY ACCESS ;
AUDIT ALTER ANY TABLE BY ACCESS ;
AUDIT ALTER ANY TRIGGER BY ACCESS ;
AUDIT ALTER ANY TYPE BY ACCESS ;
AUDIT ALTER DATABASE BY ACCESS ;
AUDIT ALTER DATABASE LINK BY ACCESS ;
AUDIT ALTER JAVA CLASS BY ACCESS ;
AUDIT ALTER JAVA RESOURCE BY ACCESS ;
AUDIT ALTER JAVA SOURCE BY ACCESS ;
AUDIT ALTER MINING MODEL BY ACCESS ;
AUDIT ALTER PROFILE BY ACCESS ;
AUDIT ALTER PUBLIC DATABASE LINK BY ACCESS ;
AUDIT ALTER RESOURCE COST BY ACCESS ;
AUDIT ALTER ROLLBACK SEGMENT BY ACCESS ;
AUDIT ALTER SEQUENCE BY ACCESS ;
AUDIT ALTER SESSION BY ACCESS ;
AUDIT ALTER SYSTEM BY ACCESS ;
AUDIT ALTER TABLE BY ACCESS ;
AUDIT ALTER TABLESPACE BY ACCESS ;
AUDIT ALTER USER BY ACCESS ;
AUDIT ANALYZE ANY BY ACCESS ;
AUDIT AUDIT ANY BY ACCESS ;
AUDIT AUDIT SYSTEM BY ACCESS ;
AUDIT BACKUP ANY TABLE BY ACCESS ;
AUDIT BECOME USER BY ACCESS ;
AUDIT CHANGE NOTIFICATION BY ACCESS ;
AUDIT CLUSTER BY ACCESS ;
AUDIT COMMENT ANY MINING MODEL BY ACCESS ;
AUDIT COMMENT ANY TABLE BY ACCESS ;
AUDIT COMMENT EDITION BY ACCESS ;
AUDIT COMMENT MINING MODEL BY ACCESS ;
AUDIT COMMENT TABLE BY ACCESS ;
AUDIT CONTEXT BY ACCESS ;
AUDIT CREATE ANY ASSEMBLY BY ACCESS ;
AUDIT CREATE ANY CLUSTER BY ACCESS ;
AUDIT CREATE ANY CONTEXT BY ACCESS ;
AUDIT CREATE ANY CUBE BY ACCESS ;
AUDIT CREATE ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT CREATE ANY CUBE DIMENSION BY ACCESS ;
AUDIT CREATE ANY DIMENSION BY ACCESS ;
AUDIT CREATE ANY DIRECTORY BY ACCESS ;
AUDIT CREATE ANY EDITION BY ACCESS ;
AUDIT CREATE ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT CREATE ANY INDEX BY ACCESS ;
AUDIT CREATE ANY INDEXTYPE BY ACCESS ;
AUDIT CREATE ANY JOB BY ACCESS ;
AUDIT CREATE ANY LIBRARY BY ACCESS ;
AUDIT CREATE ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT CREATE ANY MEASURE FOLDER BY ACCESS ;
AUDIT CREATE ANY MINING MODEL BY ACCESS ;
AUDIT CREATE ANY OPERATOR BY ACCESS ;
AUDIT CREATE ANY OUTLINE BY ACCESS ;
AUDIT CREATE ANY PROCEDURE BY ACCESS ;
AUDIT CREATE ANY RULE BY ACCESS ;
AUDIT CREATE ANY RULE SET BY ACCESS ;
AUDIT CREATE ANY SEQUENCE BY ACCESS ;
AUDIT CREATE ANY SQL PROFILE BY ACCESS ;
AUDIT CREATE ANY SYNONYM BY ACCESS ;
AUDIT CREATE ANY TABLE BY ACCESS ;
AUDIT CREATE ANY TRIGGER BY ACCESS ;
AUDIT CREATE ANY TYPE BY ACCESS ;
AUDIT CREATE ANY VIEW BY ACCESS ;
AUDIT CREATE ASSEMBLY BY ACCESS ;
AUDIT CREATE CLUSTER BY ACCESS ;
AUDIT CREATE CUBE BY ACCESS ;
AUDIT CREATE CUBE BUILD PROCESS BY ACCESS ;
AUDIT CREATE CUBE DIMENSION BY ACCESS ;
AUDIT CREATE DATABASE LINK BY ACCESS ;
AUDIT CREATE DIMENSION BY ACCESS ;
AUDIT CREATE EVALUATION CONTEXT BY ACCESS ;
AUDIT CREATE EXTERNAL JOB BY ACCESS ;
AUDIT CREATE INDEXTYPE BY ACCESS ;
AUDIT CREATE JAVA CLASS BY ACCESS ;
AUDIT CREATE JAVA RESOURCE BY ACCESS ;
AUDIT CREATE JAVA SOURCE BY ACCESS ;
AUDIT CREATE JOB BY ACCESS ;
AUDIT CREATE LIBRARY BY ACCESS ;
AUDIT CREATE MATERIALIZED VIEW BY ACCESS ;
AUDIT CREATE MEASURE FOLDER BY ACCESS ;
AUDIT CREATE MINING MODEL BY ACCESS ;
AUDIT CREATE OPERATOR BY ACCESS ;
AUDIT CREATE PROCEDURE BY ACCESS ;
AUDIT CREATE PROFILE BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK BY ACCESS ;
AUDIT CREATE PUBLIC SYNONYM BY ACCESS ;
AUDIT CREATE ROLE BY ACCESS ;
AUDIT CREATE ROLLBACK SEGMENT BY ACCESS ;
AUDIT CREATE RULE BY ACCESS ;
AUDIT CREATE RULE SET BY ACCESS ;
AUDIT CREATE SEQUENCE BY ACCESS ;
AUDIT CREATE SESSION BY ACCESS ;
AUDIT CREATE SYNONYM BY ACCESS ;
AUDIT CREATE TABLE BY ACCESS ;
AUDIT CREATE TABLESPACE BY ACCESS ;
AUDIT CREATE TRIGGER BY ACCESS ;
AUDIT CREATE TYPE BY ACCESS ;
AUDIT CREATE USER BY ACCESS ;
AUDIT CREATE VIEW BY ACCESS ;
AUDIT DATABASE LINK BY ACCESS ;
AUDIT DEBUG ANY PROCEDURE BY ACCESS ;
AUDIT DEBUG CONNECT SESSION BY ACCESS ;
AUDIT DEBUG PROCEDURE BY ACCESS ;
AUDIT DELETE ANY CUBE DIMENSION BY ACCESS ;
AUDIT DELETE ANY MEASURE FOLDER BY ACCESS ;
AUDIT DELETE ANY TABLE BY ACCESS ;
AUDIT DEQUEUE ANY QUEUE BY ACCESS ;
AUDIT DIMENSION BY ACCESS ;
AUDIT DIRECTORY BY ACCESS ;
AUDIT DROP ANY ASSEMBLY BY ACCESS ;
AUDIT DROP ANY CLUSTER BY ACCESS ;
AUDIT DROP ANY CONTEXT BY ACCESS ;
AUDIT DROP ANY CUBE BY ACCESS ;
AUDIT DROP ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT DROP ANY CUBE DIMENSION BY ACCESS ;
AUDIT DROP ANY DIMENSION BY ACCESS ;
AUDIT DROP ANY DIRECTORY BY ACCESS ;
AUDIT DROP ANY EDITION BY ACCESS ;
AUDIT DROP ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT DROP ANY INDEX BY ACCESS ;
AUDIT DROP ANY INDEXTYPE BY ACCESS ;
AUDIT DROP ANY LIBRARY BY ACCESS ;
AUDIT DROP ANY MATERIALIZED VIEW BY ACCESS ;
AUDIT DROP ANY MEASURE FOLDER BY ACCESS ;
AUDIT DROP ANY MINING MODEL BY ACCESS ;
AUDIT DROP ANY OPERATOR BY ACCESS ;
AUDIT DROP ANY OUTLINE BY ACCESS ;
AUDIT DROP ANY PROCEDURE BY ACCESS ;
AUDIT DROP ANY ROLE BY ACCESS ;
AUDIT DROP ANY RULE BY ACCESS ;
AUDIT DROP ANY RULE SET BY ACCESS ;
AUDIT DROP ANY SEQUENCE BY ACCESS ;
AUDIT DROP ANY SQL PROFILE BY ACCESS ;
AUDIT DROP ANY SYNONYM BY ACCESS ;
AUDIT DROP ANY TABLE BY ACCESS ;
AUDIT DROP ANY TRIGGER BY ACCESS ;
AUDIT DROP ANY TYPE BY ACCESS ;
AUDIT DROP ANY VIEW BY ACCESS ;
AUDIT DROP JAVA CLASS BY ACCESS ;
AUDIT DROP JAVA RESOURCE BY ACCESS ;
AUDIT DROP JAVA SOURCE BY ACCESS ;
AUDIT DROP PROFILE BY ACCESS ;
AUDIT DROP PUBLIC DATABASE LINK BY ACCESS ;
AUDIT DROP PUBLIC SYNONYM BY ACCESS ;
AUDIT DROP ROLLBACK SEGMENT BY ACCESS ;
AUDIT DROP TABLESPACE BY ACCESS ;
AUDIT DROP USER BY ACCESS ;
AUDIT ENQUEUE ANY QUEUE BY ACCESS ;
AUDIT EXECUTE ANY ASSEMBLY BY ACCESS ;
AUDIT EXECUTE ANY CLASS BY ACCESS ;
AUDIT EXECUTE ANY EVALUATION CONTEXT BY ACCESS ;
AUDIT EXECUTE ANY INDEXTYPE BY ACCESS ;
AUDIT EXECUTE ANY LIBRARY BY ACCESS ;
AUDIT EXECUTE ANY OPERATOR BY ACCESS ;
AUDIT EXECUTE ANY PROCEDURE BY ACCESS ;
AUDIT EXECUTE ANY PROGRAM BY ACCESS ;
AUDIT EXECUTE ANY RULE BY ACCESS ;
AUDIT EXECUTE ANY RULE SET BY ACCESS ;
AUDIT EXECUTE ANY TYPE BY ACCESS ;
AUDIT EXECUTE ASSEMBLY BY SESSION ;
AUDIT EXEMPT ACCESS POLICY BY ACCESS ;
AUDIT EXEMPT IDENTITY POLICY BY ACCESS ;
AUDIT EXPORT FULL DATABASE BY ACCESS ;
AUDIT FLASHBACK ANY TABLE BY ACCESS ;
AUDIT FLASHBACK ARCHIVE ADMINISTER BY ACCESS ;
AUDIT FORCE ANY TRANSACTION BY ACCESS ;
AUDIT FORCE TRANSACTION BY ACCESS ;
AUDIT GLOBAL QUERY REWRITE BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY PRIVILEGE BY ACCESS ;
AUDIT GRANT ANY ROLE BY ACCESS ;
AUDIT GRANT DIRECTORY BY ACCESS ;
AUDIT GRANT EDITION BY ACCESS ;
AUDIT GRANT MINING MODEL BY ACCESS ;
AUDIT GRANT PROCEDURE BY ACCESS ;
AUDIT GRANT SEQUENCE BY ACCESS ;
AUDIT GRANT TABLE BY ACCESS ;
AUDIT GRANT TYPE BY ACCESS ;
AUDIT IMPORT FULL DATABASE BY ACCESS ;
AUDIT INDEX BY ACCESS ;
AUDIT INSERT ANY CUBE DIMENSION BY ACCESS ;
AUDIT INSERT ANY MEASURE FOLDER BY ACCESS ;
AUDIT INSERT ANY TABLE BY ACCESS ;
AUDIT LOCK ANY TABLE BY ACCESS ;
AUDIT MANAGE ANY FILE GROUP BY ACCESS ;
AUDIT MANAGE ANY QUEUE BY ACCESS ;
AUDIT MANAGE FILE GROUP BY ACCESS ;
AUDIT MANAGE SCHEDULER BY ACCESS ;
AUDIT MANAGE TABLESPACE BY ACCESS ;
AUDIT MATERIALIZED VIEW BY ACCESS ;
AUDIT MERGE ANY VIEW BY ACCESS ;
AUDIT MINING MODEL BY ACCESS ;
AUDIT NOT EXISTS BY ACCESS ;
AUDIT ON COMMIT REFRESH BY ACCESS ;
AUDIT PROCEDURE BY ACCESS ;
AUDIT PROFILE BY ACCESS ;
AUDIT PUBLIC DATABASE LINK BY ACCESS ;
AUDIT PUBLIC SYNONYM BY ACCESS ;
AUDIT QUERY REWRITE BY ACCESS ;
AUDIT READ ANY FILE GROUP BY ACCESS ;
AUDIT RESTRICTED SESSION BY ACCESS ;
AUDIT RESUMABLE BY ACCESS ;
AUDIT ROLE BY ACCESS ;
AUDIT ROLLBACK SEGMENT BY ACCESS ;
AUDIT SELECT ANY CUBE BY ACCESS ;
AUDIT SELECT ANY CUBE DIMENSION BY ACCESS ;
AUDIT SELECT ANY MINING MODEL BY ACCESS ;
AUDIT SELECT ANY SEQUENCE BY ACCESS ;
AUDIT SELECT ANY TABLE BY ACCESS ;
AUDIT SELECT ANY TRANSACTION BY ACCESS ;
AUDIT SEQUENCE BY ACCESS ;
AUDIT SYNONYM BY ACCESS ;
AUDIT SYSDBA BY ACCESS ;
AUDIT SYSOPER BY ACCESS ;
AUDIT SYSTEM AUDIT BY ACCESS ;
AUDIT SYSTEM GRANT BY ACCESS ;
AUDIT TABLESPACE BY ACCESS ;
AUDIT TRIGGER BY ACCESS ;
AUDIT TYPE BY ACCESS ;
AUDIT UNDER ANY TABLE BY ACCESS ;
AUDIT UNDER ANY TYPE BY ACCESS ;
AUDIT UNDER ANY VIEW BY ACCESS ;
AUDIT UNLIMITED TABLESPACE BY ACCESS ;
AUDIT UPDATE ANY CUBE BY ACCESS ;
AUDIT UPDATE ANY CUBE BUILD PROCESS BY ACCESS ;
AUDIT UPDATE ANY CUBE DIMENSION BY ACCESS ;
AUDIT UPDATE ANY TABLE BY ACCESS ;
AUDIT USER BY ACCESS ;
AUDIT VIEW BY ACCESS ;
============I have tested on my DEVELOPMENT DB again. It is working fine. It requires to reconnect after turn off the DROP ANY TABLE. Have you done that? Send me output of test you performed.
You can test using following script.
connect as USER2 & execute following statements.
audit drop any table;
create table user1.test(
col1 number,
col2 number);
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST';
truncate table user1.test;
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST';
noaudit drop any table;
reconnect here as USER2
truncate table user1.test;
select os_username, username, action_name, priv_used
from dba_audit_trail a
where action = 85
and obj_name = 'TEST'; -
Unable to get Audit logs for Data Mining Model Oracle11g
Hi All, I followed all the steps given below 2 links but not getting any audit logs.
http://download.oracle.com/docs/cd/B28359_01/datamine.111/b28130/install_odm.htm#DMADM024
http://download.oracle.com/docs/cd/B28359_01/datamine.111/b28130/schemaobjs.htm#sthref233
Made sure the audit_trail is set to DB.
SQL cmds and its output shown below
SQL> AUDIT GRANT,AUDIT,COMMENT,RENAME,SELECT ON mining model NB_SH_Clas_sample;
Audit succeeded.
SQL> COMMENT ON MINING MODEL NB_SH_Clas_sample IS 'i am here';
COMMENT ON MINING MODEL NB_SH_Clas_sample IS 'i am here'
ERROR at line 1:
ORA-03113: end-of-file on communication channel
Process ID: 31648
Session ID: 135 Serial number: 114
SQL> quit
Please help me if i have left out any step
Thanks in AdvanceHi.
Please take a look at the other concurrent thread on model object auditing for more detailed information. If you have Oracle support, please file a TAR with Metalink (http://metalink.oracle.com).
Regards, Peter. -
Things captured in Configuration Audit
Hi All,
I know its a silly question. But want to know what actions will be captured in Configuration Audit for Hyperion 11.1.2.1.
As per the update from security PDF:
Shared Services allows the auditing of provisioning and lifecycle management activities to track
changes to security objects and the artifacts that are exported or imported using Lifecycle
Management functionality.
Auditing can be configured at three levels: global, application group, and application.
At the global level, you can audit security and artifacts handled by Shared Services. Application
group-level and application-level auditing allows you to audit security activities related to an
application group or application performed through Shared Services. Application group and
application security activities that are performed outside Shared Services; for example, assigning
calculation scripts in Essbase, cannot be audited.
We have gobal application overwrite enable. And seen it have captured all the changes we did on Shared Services like Auditing enable, LCM ,external directory configuration.
But want to know does it will track the new configurations like new essbase configuration. or any other activities.
Thanks in advance.
Sh!vaHi All,
Please suggest for the same. -
Hello, everybody!
I have a problem in auditing some user actions in Oracle.
For example, how could I audit using of GRANT ANY PRIVILEGE privilege? I asked it for auditing:
AUDIT GRANT ANY PRIVILEGE BY ACCESS
The following record has been appeared in the DBA_PRIV_AUDIT_OPTS view.
But when I actually use this privilege nothing is audited. And I'm sure that I really use it because when I revoke this privilege from my user I can't grant any privilege.
So, does anybody know what did I do wrong?Yes, regular auditing features are available at Oracle XE. Once you have configured your audit trail, just issue the audit command to start auditing focused areas.
~ Madrid -
Hi,
I would like to know when a particular role is granted to a user. Which table should I refer?
Thanks in advance.
Regards,
BrijeshJust to clarify. Oracle by default, does not audit when grants are done. Oracle has auditing that you can enable that will log when privileges are granted to users. Assuming you've enabled auditing in Oracle, you would simply
SQL> audit grant any object privilege by access;
SQL> audit grant any privilege by access;
SQL> audit grant any role by access;For more information, see [this OTN thread|http://forums.oracle.com/forums/thread.jspa?threadID=724068&tstart=-1].
Justin -
Hai
how to set audit for CREATE CONTROL FILE?
17:45:07 SQL> AUDIT CREATE CONTROL FILE;
AUDIT CREATE CONTROL FILE
ERROR at line 1:
ORA-00969: missing ON keyword
Whats the problem above statement?Hello;
That sounds like an issue outside of Oracle ( OS? ). The listener logs might help.
On your first question I check the alert log of my test database. It does not show control file creation, but it kind of a Chicken and the egg, with the database create.
It does show standby information :
Mon Jan 02 05:38:59 2012
alter database create standby controlfile as 'STANDBY.ctl' Common audits
audit grant any object privilege;
audit create session;
audit alter user;
audit create user;
audit drop user;
audit drop tablespace;
audit grant any role;
audit grant any privilege;
audit alter system;
audit alter session;
audit delete on AUD$ by access;
audit insert on AUD$ by access;
audit update on AUD$ by access;
audit delete table;
audit create tablespace;
audit alter database;
audit create role;
audit create table;
audit alter any procedure;
audit create view;
audit drop any procedure;
audit drop profile;
audit alter profile;
audit alter any table;
audit create public database link;Best Regards
mseberg
Edited by: mseberg on Jul 7, 2012 7:35 AM -
Error while installing APEX3.0.1 -- Please Help
Hi All,
I am trying to install APEX3.0.1(apex_3.0.1.zip) on Windows Sever2003 SP2 but am not successful.
I have Oracle Applications 11.5.10.2 as Database.
Anyone Please Help Me....
The Steps I followed:
conn sys/manager@prod as sysdba
grant GRANT ANY PRIVILEGE to public;
Confirmed that the PL/SQL gateway is 10.1.2.0.6
SQL> @D:\oracle\apex\owa\owainst.sql
Procedures Got Executed
SQL> select owa_util.get_version from dual;
GET_VERSION
10.1.2.0.6
-- Then i executed this script
SQL> @D:/oracle/proddb/9.2.0/ctx/admin/defaults/drdefus.sql
Creating lexer preference...
PL/SQL procedure successfully completed.
Creating wordlist preference...
PL/SQL procedure successfully completed.
Creating stoplist...
PL/SQL procedure successfully completed.
Creating default policy...
PL/SQL procedure successfully completed.
Created Table Space
create tablespace APEX datafile 'D:/oracle/proddata/apex9.dbf' size 500M;
-- Then i executed this script
@D:\oracle\apex\apexins.sql raman apex apex temp /i/ none
After Execution I am getting these errors…
grant execute on SYS.dbms_lock to FLOWS_030000
ERROR at line 1:
ORA-04021: timeout occurred while waiting to lock object SYS.DBMS_LOCK
==========
Warning: Package Body created with compilation errors.
No errors.
begin
ERROR at line 1:
ORA-04068: existing state of packages has been discarded
ORA-04063: package body "FLOWS_030000.WWV_FLOW_UTILITIES" has errors
ORA-06508: PL/SQL: could not find program unit being called
ORA-06512: at line 2
SP2-0310: unable to open file "core/coreins.sql"
...create flow auditing
==========
grant execute on wwv_flow_epg_include_modules to anonymous
ERROR at line 1:
ORA-01917: user or role 'ANONYMOUS' does not exist
ldap.plb
custom_auth_ldap.plb
...wwv_flow_ldap
==========
apxsqler.sql
...design time flows
APPLICATION 4411 - APEX - System Messages
Set Credentials...
Check Compatibility...
WWV_FLOW_API.FLOWS_API_LAST_EXTENDED20070525
WWV_FLOW_API.CURRENT_FLOWS_VERSION20070525
WWV_FLOW_API.IMPORT_COMPATIBLE_WITH_VERSION 20070108
WWV_FLOW_API.COMPATIBLE
Set Application ID...
begin
ERROR at line 1:
ORA-20001: WWV_FLOW_API.SGID_NOT_SET
ORA-06512: at "FLOWS_030000.WWV_FLOW_API", line 46
ORA-06512: at "FLOWS_030000.WWV_FLOW_API", line 238
ORA-06512: at line 4
After That
(copy Images Folder All from)
D:/oracle/apex/images (images folder to) D:\oracle\devora\iAS/Apache/Apache
Then
Edited the D:\oracle\devora\iAS\Apache\modplsql\cfg\wdbsrv.app file and added the following
[DAD_apex]
connect_string = prod
password = raman
username = apex_public_user
default_page = apex
document_table = wwv_flow_file_objects$
document_path = docs
document_proc = wwv_flow_file_mgr.process_download
reuse = Yes
enablesso = No
stateful = STATELESS_RESET
nls_lang = American_America.AL32UTF8
Then
Edited the D:\oracle\devora\iAS\Apache\Apache\conf\httpd.conf file and added the alias
Alias /i/ "d:\oracle\devora\iAS\Apache\Apache\images/"
After Completing the Installation Steps when i Try to run the url in browser….
http://computername.com:8000/pls/apex
The home page is not opening….
Can anyone Please Tell me where I am going wrong
Regards.anonymous,
I have Oracle Applications 11.5.10.2 as Database.
That is not a database server version. What version of the database server are you using?
grant GRANT ANY PRIVILEGE to public;
What on Earth are you doing?
@D:\oracle\apex\apexins.sql raman apex apex temp /i/ none
You're supposed to set the working directory to apex before you start SQL*Plus and then the command line would start with @apexins.
ORA-04021: timeout occurred while waiting to lock object SYS.DBMS_LOCK
After this all is futile. I'd say start over, maybe restart the db and try again starting in the correct directory/folder.
Scott -
Retrieve role-activity relationship via papiws
We have a demand from a client who is asking for access the information about the audit trail activities and the role which those activities are associated in an external application.
We’re using PAPIWS’ method processGetVisibleActivities(String) from the WebService, but it only lists information about interactive activities from a process.
I would like to know if there’s a way to retrieve, via Webservice, all activities, like Begin, automatic acitivities and decisions.Hi,
can you look at this
[https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a92195a9-0b01-0010-909c-f330ea4a585c?overridelayout=true]
Regards,
Muralidhar -
Log all SQLPLUS.EXE queries into a table
Hi,
I want to trace all SQLPLUS activities executed by any user , I tried using V$Session and V$SQLAREA but not much helpful as V$Session is a dynamic view.
I need to capture all sql commands executed from sqlplus.exe prompt.
Need your expert advice for same .
Regards,Hi,
My Database size is around 2 TB , moreover i dont want to trace the application activities .
As direct access to SQLPLUS is limited , only requirement is to trace SQL commands run on SQLPLUS prompt .
Auditing will audit all activities including application .Lookng for some solution which will provide SQL_TEXT of progam SQLPLUS only.
Regards, -
Need Oracle 12c whitepaper recommendation for upgrade assessment
Hi: Good morning!
This is not an urgent request, but appreciate your recommendation! I need documents about Oracle 12c (our os is IBM AIX power system, 6.1, 64 bit), because we are planning upgrade current oracle database 11.2.0.4 to 12c, we need a thorough assessment to 12c since 12c introduced many innovative, new features, major component changes, as well as impact to java application. The document I have so far is-
1. database upgrade guide
http://docs.oracle.com/database/121/UPGRD/preup.htm#UPGRD002
2. Deprecated API (oracle database JDBC Java API Reference)
https://docs.oracle.com/database/121/JAJDB/deprecated-list.html
3. Tom Kytes Top 12 new features for Oracle 12c (from web).
There are many things to look for. I want to know the major things I should focus in new features & impact to java application.
what document can provide me the info!
thank you very much in advance!Hi all:
Can anyone gives me advice after upgrade from 11.2.0.4 database to 12c database, which 'core-DB new features' impact to Java application more, and that we should focus on assessment?
There are too many new & innovative features introduced in 12c. Should I convert our single instance database (on non-cluster server) to 'CDB/PDB' during upgrade? Is it a 'Must-to-do' or not? We have a physical standby DB, how to do with the standby?
Oracle Documents I reviewed are: 'Oracle 12c database document', 'Oracle 12c Java Developer's Guide'. I recommend this to our developers based on 'Oracle 12c Java Developer's Guide':
Oracle JVM ( JDK6, JDK7 support in 12)
[note:need to check jvm components for application: library manager, compiler, interpreter, class loader, server-side JDBC internal driver, server-side SQLJ, translator, system classes; Java stored procedure, SQLJ, JDBC, etc]
2. Oracle Memory Space management ( garbage collection)
3. Multithreading
4. Footprinting
5. Dynamic class loading
6. JNDI class support
7. Auditing for Java ( alert/execute/audit/grant is enabled in auditing)
8. Support for logging
9. Support for customizing default java.security resource
10. Improved for debugging
However, I may lost myself in core-DB new features for:
1. advanced analytics features
2. OLAP features
3. Partitioning enhance
4. Performance for zero effort
5. Compression and Archiving features (depends on application tables design)
6. Database Overall
- Integrate With Operating System Processor Groups
- Oracle Data Pump Support
- Multitenant Architecture (Not sure)
- PDBs Backup and Recovery (Not sure)
- PDBs Point-in-Time Recovery (Not sure)
- PDBs Resource Plans (Not sure)
- Utilities
7. High Availability
- Application Continuity
- Transaction Guard
- Logical Replication
- Global Data Services
- Online Operations
- Oracle Data Guard Enhancements (Depends on our standby design)
8. Manageability
- PGA Size Limit
- Resource Manager Runaway Query Management
- Spot ADDM
9. General
- DBMS_QOPATCH
10. Performance
11. Security enhance
12. Improve Security Manageability, Administration and Integration
- Database vault
Is my above suggestion (text in red-color) correct?
Thank you very much!
Maybe you are looking for
-
Hi Experts/Fellow SDNers, I am currently restricting a BW system and have a few questions/would like some confirmation on a few points to make sure I am understanding things correctly. My understanding of BW is limited so kindly bare with me: 1. Ba
-
Hello, I want to add the time stamp in the file name in JAVA map. Actually we are directly writing the file on to the file system from Java map and also giving its output to other map. So we need when we write the file on the file system the file nam
-
Hi, I am trying to modify the following example to use trigger instead of "IntervalSchedule". It seems that the notification doesn't work. Any idea? http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/how-to-scheduler-jms/doc/readme.html Here
-
Do the Photo Booth effects apply to your builtin camera on yahoo messenger?
Hiya, Just got a G5 IMAC and was wondering if you select an "effect" in Photo Booth will it apply to your isight camera. Is that how you are seen or will it be just normal? I am using the BETA version of Yahoo Messenger. Will it owrk on any other cha
-
Creating Pdf in Photoshop CS6 - blurry at maximum quality setting
Hi, I just tried to create Pdf. I used high quality jpegs and chose a 100% quality setting and at 300 dpi. I also chose the same pixel dimensions as the original documents. But the outcome is blurry - as if the original had been highly compressed. Th