Auditing select statemet of fnd_user

Similar Messages

• Statement AUDIT SELECT TABLE also audits update, delete and inserts

  Hi,
  Database Oracle 11g.
  After turning on AUDIT with these 2 statements:
  SQL> ALTER SYSTEM SET audit_trail = "DB_EXTENDED" SCOPE=SPFILE;
  SQL> AUDIT SELECT TABLE BY ACCESS;
  then insert, update and delete statements are recorded in sys.aud$ as well as select statements.
  My expectation was to see only select statements in sys.aud$.
  Please clarify :-)
  Best regards
  Erik

  it should not record other action apart from select,can you crosscheck audit configuration by
  select * from DBA_OBJ_AUDIT_OPTS;
  SELECT * FROM ALL_DEF_AUDIT_OPTS;

• Audit "SELECT FOR UPDATE" statement

  Hi all
  My database is 10.2.0.3 and I enabled audit_trail to DB value already.
  My purpose I want to audit "SELECT FOR UPDATE" statement on the table and I tried to enable audit "SELECT" on the table that have many records in dba_audit_trail because "SELECT" statement that include in this audit and then I tried to enable audit "LOCK TABLE" on the table that doesn't have any records n dba_audit_trail.
  So my question is How to enable audit for collecting only "SELECT FOR UPDATE" statement? or anyone have any idea for this.
  Regards,
  Hiko

  taohiko wrote:
  Hi all
  My database is 10.2.0.3 and I enabled audit_trail to DB value already.
  My purpose I want to audit "SELECT FOR UPDATE" statement on the table and I tried to enable audit "SELECT" on the table that have many records in dba_audit_trail because "SELECT" statement that include in this audit and then I tried to enable audit "LOCK TABLE" on the table that doesn't have any records n dba_audit_trail.
  So my question is How to enable audit for collecting only "SELECT FOR UPDATE" statement? or anyone have any idea for this.
  A consideration on top of the comments made by Justin:
  You have an unfortunate version of the database for auditing: when you enable audit on 10.2.0.3 (or.2 or .1) the redo pattern changes - normally you will see a redo change vector for each row updated, but in these versions you will see two records, a "lock row" followed up "update row piece"; which means your volume of redo may increase significantly.
  I wrote a note about it some time ago: http://jonathanlewis.wordpress.com/2011/05/27/audit-ouch/ and one of the comments includes the bug number ( 5166745 ), reporting fixed in 10.2.0.4 and 11.1.0.6
  Regards
  Jonathan Lewis
  This is bug

• Is there any way to audit select statements

  Hi
  I need to audit select statements. My specific need is to know the results of every select executed on one table.
  Example.
  When a user executes select * from person where personid=5;
  I need to be able to know who executed the query and the results obtained.
  By activating audit options i can know the user, but i dont know how to store the consulted records.

  hi,
  wanting to audit the results of select statements is ill-advised, apart from the fact it's virtually not possible to implement
  (consider for example the use of bind variables) it has the following problems: it would cause a tremendous amount
  of audit data, in the support practice we already advise customers to reconsider to even normally audit select table
  for all users, since even recording the select statements itself is already a big volume in a typical deployment. Then
  there's the performance impact as every statement wouild need to execute twice, once for the application / end
  user and another time recursively to store the audit data. Short answer: don't do it.
  greetings,
  Harm ten Napel

• Stop auditing select statements issued against SYS objects

  Hi,
  My current client has a requirement to track destructive updates (i.e. insert, update, delete) issued by users who can connect directly to the database. At the moment though, SELECT statements issued against SYS-owned objects are also being captured to the Oracle audit trail. For the time being at least these need to be disabled.
  I've issued NOAUDIT SELECT TABLE/SEQUENCE and NOAUDIT SELECT ANY TABLE/SEQUENCE commands, as has a user with the SYSDBA privilege, and they're still being logged. Is there any way to switch these off? I don't know if it's significant (I'm not a DBA by trade) but the audit_sys_operations parameter is set to True.
  My client is currently running Oracle Database 10.2.0.5.0 standard edition.
  If anyone has any suggestions I'd be grateful.
  Thanks in advance,
  Steve

  Hi,
  Thanks for the input so far ...
  @Eduardo and KarK ...
  show parameter audit
  audit_file_dest string D:\ORACLE\PRODUCT\10.2.0\ADMIN\USSUPM2\ADUMP
  audit_sys_operations boolean TRUE
  audit_trail string DB, EXTENDED
  If we set audit_sys_operations to FALSE, won't that stop auditing of all actions carried out by, for example, someone who connects as SYSDBA? That is something that's still needed to be captured. Unfortunately they go to the WIndows Event Log but at least they're captured somewhere.
  @Hemant
  This auditing was in place before my client took me on, so I can't say what was used to initiate it unfortunately. What I can say though is that they absolutely don't want to turn off auditing by SYS- type users, just SELECT against SYS-owned objects.
  Thinking simplistically, could I just write a script which trawls dba_objects for sys-owned tables, views and sequences and explicitly issues a noaudit select against what's found, and get one of the sysdba-type people we have access to to run it?
  Thanks in advance (again)
  Steve

• Auditing a select statement

  Hi,
  Database version: 10.2.0.3
  There are several application users in our database. Say A,B,C and D.
  A,B and C query data from schema D. We want to audit the select queries fired by user A (in order to fetch data from D).
  B and C can fire select statements but should not be audited.
  How can I achieve this? Can dbms_fga a solution for this, is yes then how?
  Regards,

  Assuming that the "fireid" user is to be audited.
  CONNECT sys/password AS SYSDBA 
  AUDIT ALL BY fireid BY ACCESS;
  AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY fireid BY ACCESS;
  AUDIT EXECUTE PROCEDURE BY fireid BY ACCESS;
  we can see the audits according to the user you have provided.
  for more reference  visit ORACLE-BASE - Auditing in Oracle 10g Release 2

• How to audit unsuccessful select

  I got a error message 'ORA-00492: Table or view does not exist.' from an application I've no source code. In order to know what table the user try to access, I use the command 'AUDIT SELECT TABLE BY username'. But Oracle only keeps the records that user accessed successfully. What should I do?

  if you are able to use the database and not let anyone else use it, then you might consider the following :-
  i) take the database down
  ii) enable tracing for the entire database,
  iii) start the database
  iv) generate the error
  v) bring the database down and disable tracing
  vi) run tkprof on your trace file and see what was causing the problem : all sql wil have been traced, whether successful or not
  go here for a full explanation of using trace files :- http://technet.oracle.com/doc/server.804/a58397/ch4.htm#1667
  hope this helps
  null

• AUDIT IN Oracle Database 10g Express

  I configured Oracle Database 10g Express R2 for auditing,
  ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;
  AUDIT SELECT TABLE, UPDATE TABLE;
  but...in dba_audit_trail ,
  ACTION_NAME is always SESSION REC
  but...i think its possible to record specific action like select,update..etc
  thanx

  Yes, regular auditing features are available at Oracle XE. Once you have configured your audit trail, just issue the audit command to start auditing focused areas.
  ~ Madrid

• Regarding Auditing in Oracle 10g

  Hi all,
  i want to enable auditing for particular tables in oracle 10g(linux)..To enable auditing i have put
  audit_trail=db
  in init.ora files found in "/proc/4310/cwd" and "/proc/self/cwd/app/oracle/product/10.2.0/server/config/scripts"...
  but im not getting any values in sys.aud$ table...
  please tell me the way to get rid of this problem...
  Thanx
  in advance..

  For Oracle 9 and later:
  alter system set audit_trail = DB;
  If you want to audit a specific user run the following:
  audit alter table, select table, insert table, update table, delete table, grant table, grant
  procedure by USERNAME;
  To stop audit for that user run:
  noaudit alter table, select table, insert table, update table, delete table, grant table,
  grant procedure by USERNAME;
  To enable auditing for a specific object do:
  AUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;
  To stop auditing:
  NOAUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;
  To see the results:
  SQL> select * from dba_audit_trail;

• How to find SQL Statement fired using SYS.AUD$ - Database Auditing

  Dear Friends
  I am having Oracle 9i Database and have configured it with database auditing option by setting the following parameter in init.ora file
  AUDIT_TRAIL = "DB"
  I want to audit SELECT, INSERT , UPDATE and DELETE operations on PRACTICE.EMP table for which I did :
  1) Logged in as SYS
  2) SQL> AUDIT SELECT, INSERT, UPDATE, DELETE
  ON PRACTICE.EMP
  BY ACCESS
  WHENEVER SUCCESSFUL;
  Audit Succedded
  Now how should I find out the SQL statement that does the insert, update or delete operation on the EMP table using SYS.AUD$ table
  Thanks

  Hi,
  It's contents can be viewed directly or via the following views:
  * DBA_AUDIT_EXISTS
  * DBA_AUDIT_OBJECT
  * DBA_AUDIT_SESSION
  * DBA_AUDIT_STATEMENT
  * DBA_AUDIT_TRAIL
  * DBA_OBJ_AUDIT_OPTS
  * DBA_PRIV_AUDIT_OPTS
  * DBA_STMT_AUDIT_OPTS
  The audit trail contains a lot of data, but the following are most likely to be of interest:
  * Username : Oracle Username.
  * Terminal : Machine that the user performed the action from.
  * Timestamp : When the action occured.
  * Object Owner : The owner of the object that was interacted with.
  * Object Name : The name of the object that was interacted with.
  * Action Name : The action that occured against the object. (INSERT, UPDATE, DELETE, SELECT, EXECUTE)
  So, take a look at action_name column from DBA_AUDIT_TRAIL view.
  Cheers
  Legatti

• Duplicates error in user forms (FND_USER)

  Hi,
  In System Admin: Security User: Define,
  When I queried for some user "ABC", i got the error < ORA-01422: exact fetch returns more than requested... >. Refer below link for reference.
  https://docs.google.com/leaf?id=0B5DraJWCbaqSMDkwZDlhM2UtM2I2Yy00NDk3LWEyZWMtZDA5MWMyZjEzNGI0&hl=en&authkey=CJGCnacC
  But in FND_USER table, there is only one record with the user ABC.
  Please provide solution how to fix this.
  Regards,
  a.v

  Have you loaded any user data or responsibility data from sql?
  Check if the fnd_user_u2 index is present or not?
  Do the following to check if there are 2 users with the same user_name.
  select count(1) from fnd_user where user_name ='ABC'
  Do the following to check if the user has the same responsibility twice.
  select count(1),responsibility_id from fnd_user_resp_groups
  where user_id = (select user_id from fnd_user where user_name='ABC')
  group by responsibility_id having count(1) > 1
  If that does not give any clues, put a trace on before doing the query. Then do a tkprof to find the statement that gives you the error.
  Hope this helps
  Sandeep Gandhi
  Independent Techno-functional Consultant

• Capture @@ROWCOUNT for all QUERIES using SQL AUDIT

  I have a requirement where the customer wants to audit all SELECT queries made to a specific table  and also capture
  "No of rows returned" for these queries made to the table. I was able to capture various SELECT queries happening in the database /Table using SQL AUDIT, Wondering if anybody can suggest how to capture no of rows affected along
  with it, Since we have numerous stored procedures in the system we wont be able to modify existing stored procedures.

  Good day Vish_SQL,
  There are several options that you can use, which fit different cases. for example:
  1. Using extended events (My prefered solution for most cases like this)
  2. Using profiler (older option)
  3. Using view (with the same name as the table, and rename the tables related to the issue) instead of the original table, adding to the view a simple function or SP (CLR for example). the function return the
  column value, but behind the  screen write information to another table. It is a very rare case that you need this option, and I can't recommend
  it.
  4. using applications like GREENSQL which give another level between the application and the SQL Server. The users connect to the server but the server do not listen to remote connection but the external app dose.
  In this case the app get the query and send it t the server (after security or monitoring if you need)
  * it was much simpler if you want to monitor delete, update, or insert for example, since in those cases you could work with AFTER trigger.
  ** I highly recommend you to monitor the application that connect to the SQL Server rather than the SQL Server. if you can.
  Check this:
  http://solutioncenter.apexsql.com/auditing-select-statements-on-sql-server/
    Ronen Ariely
   [Personal Site]    [Blog]    [Facebook]

• Regarding Auditing in IDM

  Hi All,
  I have to make a workflow for auditing in IDM. The auditing is to put on a java script which adds Disable="True" in Resource info.
  So the resource info has nothing before the script and after runing the script it adds Disable='True".
  So i want that in my audit logs the *Change* field should show something like this Befor:Disable='Null' After:Disable='True'.
  I have read some where that in auditing that change filed could be populated using.
  <address>Argument Type Description</address>
  <address> Map (Optional) Map of attribute names and values that were added or modified
  originalAttributes Map (Optional) Map of old attribute values. The names should
  match the ones listed in the attributes argument. The
  values will be any previous value you wish to save in your
  audit log.
  Does any one have any idea how can i populate this with disable value.
  {color:#ff0000}*To sum up: How can i excract the value of Disable field from resource info*{color}
  </address>
  <address></address>

  For Oracle 9 and later:
  alter system set audit_trail = DB;
  If you want to audit a specific user run the following:
  audit alter table, select table, insert table, update table, delete table, grant table, grant
  procedure by USERNAME;
  To stop audit for that user run:
  noaudit alter table, select table, insert table, update table, delete table, grant table,
  grant procedure by USERNAME;
  To enable auditing for a specific object do:
  AUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;
  To stop auditing:
  NOAUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;
  To see the results:
  SQL> select * from dba_audit_trail;

• Audit in Oracle 10g

  Hello,
  Just a quick question,
  I setup the audit for one oracle user on Oracle 10G :
  AUDIT ALL BY myuser BY ACCESS;
  AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY myuser BY ACCESS;
  AUDIT EXECUTE PROCEDURE BY myuser BY ACCESS;
  now, Where can I found the information about the audit? in which views?
  Thanks all,;

  SQL> show parameter audit
  NAME                                 TYPE        VALUE
  audit_file_dest                      string      /u01/app/oracle/admin/TEST/adump
  audit_syslog_level                   string     
  audit_sys_operations                 boolean     FALSE
  audit_trail                          string      NONE
  SQL>

• Audit activity for all objects in a schema

  Hi,
  Is there a way to audit all DDL statements and certain DML statements (i.e. DELETE) for all objects in a particular schema? I've been going through the Oracle documentation, and there doesn't seem to be a straightforward way to do this. For example, I've figured out that I can audit all DELETEs (too broad) or DELETEs on a particular schema object (too narrow), but nothing in between.
  The "AUDIT...BY <USER>" statement looked promising, but it doesn't cover statements issued by other users with access to the schema.
  Any help greatly appreciated!

  Is there a way to audit all DDL statements and certain DML statements (i.e. DELETE) for all objects in a particular schema?You can audit all the DDLs you need and the DMLs you need.
  For example, I've figured out that I can audit all
  DELETEs (too broad) or DELETEs on a particular schema
  object (too narrow), but nothing in between.I think you need to explain more on what you need to do because your "but nothing in between" is not clear.
  Something in between ?
  SQL>AUDIT DELETE ON EMP;
  SQL>AUDIT DELETE ON EMP WHENEVER SUCCESSFUL;
  SQL>AUDIT DELETE ON EMP WHENEVER NOT SUCCESSFUL;
  SQL>AUDIT SELECT ON EMP;
  The "AUDIT...BY <USER>" statement looked promising, but it doesn't cover statements issued by other users with access to the schemaYou can audit BY ACCESS, BY PROXY, BY SESSION