DBMS_FGA.ADD_POLICY
I created this audit select with FGA:
BEGIN
DBMS_FGA.ADD_POLICY(
OBJECT_SCHEMA => 'TOM',
OBJECT_NAME => 'MYTAB',
POLICY_NAME => 'SELECT_MYTAB',
AUDIT_CONDITION => '',
AUDIT_COLUMN => '',
STATEMENT_TYPES => 'SELECT');
END;and I can see the audit on DBA_FGA_AUDIT_TRAIL table
I have many store procedures and packages that select on MYTAB table and It run every night.
I'd like to avoid select audit for these procedure.
How can I write the audit condition in DBMS_FGA.ADD_POLICY?
Thanks in advance!
You might want to check this posting...
procedure last executed
Similar Messages
-
DBMS_FGA.add_policy .. How to handle multiple tables and multiple users
Dear All,
My database is 11gR1 and Linux is the platform.
I have more then 50 very important tables and around 15 database users.
I want to implement fine grained auditing on these important tables.
This is how I am going to implement it:
SQL>BEGIN
DBMS_FGA.add_policy(
object_schema => 'Scott',
object_name => 'SAL',
policy_name => 'SALARY_CHK_AUDIT',
audit_condition => NULL,
handler_schema => 'imran',
statement_types => 'SELECT,INSERT,UPDATE,DELETE',
audit_column => NULL);
END;
what is i have to pass multiple tables in object_schema and multiple users in handler_schema.
I hope i am able to clear my question, any doubts please let me know.
Regards, ImranHi,
object_schema - The schema of the object to be audited. (If NULL, the current log-on user schema is assumed.)
in case if you like to audit for multiple users - then try to test by holding a null value and test access the important tables -where the relevant auditing records are generated as per your requirement or not. i have not tested.. try it
- Pavan Kumar N -
Dbms_fga.add_policy with Oracle 10g Express Edition
begin
dbms_fga.add_policy (
object_schema=>'PROVA',
object_name=>'EMPLOYEE',
policy_name=>'ACCESS_EMPLOYEES',
audit_column => 'name',
ENABLE=> TRUE );
end;
Error
feature not enabled: Fine-grained access control
at "SYS.DBMS_FGA"
i'am using Oracle 10g Express Edition i have this error about 5 days ..........please help me!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Thanks for your replay , in the follow the result about the query :
SQL> select * from v$version;
BANNER
Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product
PL/SQL Release 10.2.0.1.0 - Production
CORE 10.2.0.1.0 Production
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
SQL> select * from v$option;
VALUE
Parallel load
TRUE
Point-in-time tablespace recovery
FALSE
Fine-grained access control
FALSE
Now i need fine-grained access control , what can I do ?
I change the version or exist an other metod?
thanks.......................... -
Dbms_fga.add_policy with multiple user audit conditions
how to add multiple user in audit_condition for dbms_fga.add_policy
AUDIT_CONDITION => 'USER = ''test1, test2,test3 '' d'ont workTry something like : 'sys_context(''userenv'',''session_user'') in (''TEST1'',''TEST2'')'
-
DBMS_FGA doesn't work for insert auditing
I have a 10.2.0.3 database. I want to auditing the changes on my people table.
create table sher.people (
first_name varchar2(50),
last_name varchar2(50),
sal number,
ocupation varchar2(50)
begin
DBMS_FGA.add_policy(
object_schema => 'SHER',
object_name => 'PEOPLE',
policy_name => 'PEOPLE_CHK_AUDIT',
audit_condition => 'sal>5000',
audit_column =>'first_name,last_name',
statement_types => 'INSERT');
end;
insert into sher.people values ('Joe','Adam',6000,'Student');
commit;
select * from DBA_COMMON_AUDIT_TRAIL ;
no data row
Why I don't get an insert row audited?
Thanks a lot!I don't know why you didn't get but it worked for me nicely in 10201 on windows xp proff sp2 system.
SQL> startup
ORACLE instance started.
Total System Global Area 167772160 bytes
Fixed Size 1247900 bytes
Variable Size 75498852 bytes
Database Buffers 88080384 bytes
Redo Buffers 2945024 bytes
Database mounted.
Database opened.
SQL> conn aman
Enter password:
Connected.
SQL> create table test(a number , b number, c number);
create table test(a number , b number, c number)
ERROR at line 1:
ORA-00955: name is already used by an existing object
SQL> create table fga(a number , b number, c number);
Table created.
SQL> conn / as sysdba
Connected.
SQL> begin
2 DBMS_FGA.add_policy(
3 object_schema => 'AMAN',
4 object_name => 'FGA',
5 policy_name => 'P1',
6 statement_types => 'INSERT');
7 end;
8
9 /
PL/SQL procedure successfully completed.
SQL> conn aman/aman
Connected.
SQL> insert into into fga values(1,2,3);
insert into into fga values(1,2,3)
ERROR at line 1:
ORA-00903: invalid table name
SQL> insert into fga values(1,2,3);
1 row created.
SQL> commit;
Commit complete.
SQL> conn / as sysdba
Connected.
SQL> select sql_text
2 from dba_fga_audit_trail;
SQL_TEXT
insert into fga values(1,2,3)
SQL> select sql_text
2 from dba_common_audit_trail
3 where db_user='AMAN';
SQL_TEXT
insert into fga values(1,2,3)
SQL> conn aman/aman
Connected.
SQL> conn / as sysdba
Connected.
SQL> exec dbms_fga.drop_policy('FGA','AMAN','P1');
BEGIN dbms_fga.drop_policy('FGA','AMAN','P1'); END;
ERROR at line 1:
ORA-01918: user 'FGA' does not exist
ORA-06512: at "SYS.DBMS_FGA", line 55
ORA-06512: at line 1
SQL> exec dbms_fga.drop_policy('AMAN','FGA','P1');
PL/SQL procedure successfully completed.
SQL> begin
2 DBMS_FGA.add_policy(
3 object_schema => 'AMAN',
4 object_name => 'FGA',
5 policy_name => 'P1',
6 audit_condition => 'A>5000',
7 audit_column =>'A,B',
8 statement_types => 'INSERT');
9 end;
10 /
PL/SQL procedure successfully completed.
SQL> conn aman/aman
Connected.
SQL> insert into fga values(50001,2,3);
1 row created.
SQL> commit;
Commit complete.
SQL> conn / as sysdba
Connected.
SQL> select sql_text
2 from dba_fga_audit_trail;
SQL_TEXT
insert into fga values(1,2,3)
insert into fga values(50001,2,3)
SQL> select sql_text
2 from dba_common_audit_trail
3 where db_user='AMAN';
SQL_TEXT
insert into fga values(1,2,3)
insert into fga values(50001,2,3)
SQL>HTH
Aman.... -
hi all,
audit event handler doesn't work. please help
test: SQL>show user
USER is "HR"
test: SQL>--on user hr
drop table aud_emp
creattest: SQL> 2 e table aud_emp (aud_time date)
create or replace procedure p_aud_emp as
begin
insert into aud_emp values (sysdate);
commit;
--do other thing later;
end;
Table dropped.
test: SQL> 2
Table created.
test: SQL> 2 3 4 5 6 7
Procedure created.
test: SQL>
test: SQL>show user
USER is "SYS"
test: SQL>--on user sys
begin
dbms_fga.drop_politest: SQL> 2 cy (
object_schema => 'hr',
object_name => 'employees',
policy_name => 'audit_emps_salary');
end;
/ 3 4 5 6 7
PL/SQL procedure successfully completed.
test: SQL>begin
dbms_fga.add_policy (
object_sche 2 3 ma => 'hr',
object_name => 'employees',
policy_name => 'audit_emps_salary',
audit_condition=> 'department_id=10',
audit_column => 'SALARY',
handler_schema => 'hr',
handler_module => 'p_aud_emp',
enable => TRUE,
statement_types=> 'select' );
end;
/ 4 5 6 7 8 9 10 11 12 13
PL/SQL procedure successfully completed.
test: SQL>
test: SQL>-- on user hr
select first_name,salary
test: SQL> 2 from employees
where department_id=10; 3
FIRST_NAME SALARY
Jennifer 4400
--it should call hr.p_aud_emp,but it didn't.
test: SQL>
test: SQL>select * from aud_emp;
no rows selected --it should insert one row here
test: SQL>
-- on user sys
col object_schema forma a10
col object_name form a15
col policy_name form a20
col sql_text form a40
set lines 120
select OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME,SQL_TEXT
from DBA_FGA_AUDIT_TRAIL
OBJECT_SCH OBJECT_NAME POLICY_NAME SQL_TEXT
HR EMPLOYEES AUDIT_EMPS_SALARY select * from employees
HR EMPLOYEES AUDIT_EMPS_SALARY select *
FROM employees
WHERE
department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
OBJECT_SCH OBJECT_NAME POLICY_NAME SQL_TEXT
from employees
where department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
OBJECT_SCH OBJECT_NAME POLICY_NAME SQL_TEXT
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id = 10
OBJECT_SCH OBJECT_NAME POLICY_NAME SQL_TEXT
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id=10
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id=10
OBJECT_SCH OBJECT_NAME POLICY_NAME SQL_TEXT
HR EMPLOYEES AUDIT_EMPS_SALARY select first_name,salary
from employees
where department_id=10
13 rows selected.Any ideas will be greatly appreciated.
Help to find out what issues in it please. -
"identifier DBMS_FGA must be declared" When called from PL/SQL package...
Hi there,
I am trying to call dbms_fga dynamically (of sorts) from a package, and I am getting the error as per the title.
I have tried as many ways as i can think of calling this from another package, with similar results each time.
The user/owner of the package has DBA rights, so it doesn't appear to be a permissions issue.
Oracle Version is 11.1.0.6.0 on Suse.
any ideas on this anyone?
Cheers
CODE:
Attempt 1:
PROCEDURE enable_sql_auditing (on_off in boolean default false) is
v_ssql varchar2(900);
cursor c1 is
select table_name
from all_all_tables
where owner=gcv_pkg_owner;
begin
for rec in c1 loop
sys.dbms_fga.add_policy(object_schema =>''|| gcv_pkg_owner ||'',
object_name => ''|| rec.table_name ||'',
policy_name => ''|| rec.table_name || '_AUDIT''',
handler_schema => ''|| gcv_pkg_owner ||'',
handler_module => 'FGA_SQL',
enable => true);
end loop;
end enable_sql_auditing;
Attempt 2:
PROCEDURE enable_sql_auditing (on_off in boolean default false) is
v_ssql varchar2(900);
cursor c1 is
select table_name
from all_all_tables
where owner=gcv_pkg_owner;
begin
for rec in c1 loop
v_ssql := 'begin sys.dbms_fga.add_policy(object_schema =>''' ||gcv_pkg_owner|| ''', object_name => '''||rec.table_name||''', policy_name => '''||rec.table_name||'_AUDIT'', enable => true); end;';
execute immediate (v_ssql);
end loop;
end enable_sql_auditing;Frenchwood wrote:
The user/owner of the package has DBA rights, so it doesn't appear to be a permissions issue.But it is.
DBA is a role.
permissions within PL/SQL have to be directly granted rather than through roles.
i.e. you need to directly grant execute permission on the package to the required user(s). -
Error in using fibne grained auditing
Hello,
I am trying to implement fine grained auditing on SAL column of my Employees table as I suspect that someone is updating values.
I am using the system user to implement this. But when I try to use the following syntax I am getting an error "ORA-00900: invalid SQL statement"
EXEC DBMS_FGA.ADD_POLICY(object_schema =>'hr',object_name =>'employees',policy_name =>'chk_pol',audit_condition =>'1=1',audit_column=>'salary');
Can anyone help me out in correcting this error.
Regards,
Faiz Qureshi
Email : [email protected]begin
dbms_fga.add_policy
(object_schema => 'scott',
object_name => 'emp',
policy_name => 'chk_pol',
audit_condition => '1=1',
audit_column => 'sal');
end;
SQL> /
PL/SQL procedure successfully completed.
*I used sal column and emp as a table name. -
How do I know if SELECT stmnt was issued on a specific Table?
Hi,
I have a Reporting environment where the tables get populated by selective information from production database through batch scripts. These tables have become HUGE over time and the management wants to know if any user is using the table or else drop them. A USER will only issue a SELECT command and is not responsible for any INSERT/UPDATE/DELETE so querying the table DBA_TAB_MODIFICATIONS isn't of much help.
My question is: Is there a way to find out if any of the tables under concern had been queried (using SELECT) in the recent past???
Thanks in advance!
ArindamHello,
Best option is to use fine-grained auditing and once collected information you can drop that policy ; Using full fledged auditing will be an overkill.
GRANT SELECT ON dba_fga_audit_trail TO <username>;
grant exexute on dbms_fga to <username>;
declare
BEGIN
DBMS_FGA.add_policy (object_schema => 'SCHEMA_NAME',
object_name => 'TABLE_NAME',
policy_name => 'TABLE_DML',
enable => TRUE,
statement_types => 'SELECT',
audit_trail => DBMS_FGA,
audit_column_opts => DBMS_FGA.any_columns
END;
/http://www.oracle-base.com/articles/10g/Auditing_10gR2.php#fine_grained_auditing
Regards -
Fine grained auditing on table, but I don't want it on view
I have a table which contains sensitive information, and I want to audit all queries on it except the web account 'EJBUSER', so I created the below policy:
begin
dbms_fga.add_policy( policy_name => 'STAFF_LOGON_QRY_POLICY'',
object_schema => 'CPY',
object_name => 'STAFF_LOGON',
statement_types => 'SELECT',
audit_condition => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''EJBUSER'' ');
end;
This does exactly what I want, but I also have a view off this STAFF_LOGON table (below) which users can query to see their own details.
create or replace view CPY.V_STAFF_LOGON
as
select * from cpy.staff_logon
where user_name = user;
When a user queries this view, it also writes an entry to the dba_fga_audit_trail, but I only want to see queries against the base table, not the view.
Is it possible to fga audit the base table only, and not the view?
Edited by: stuartu on Feb 17, 2010 11:36 AM
Edited by: stuartu on Feb 17, 2010 12:01 PMBut does this delete the whole account from the cloud, or just from my device. I must make sure my husband doesn't loose all his business contacts which are in the iCloud device. Thanks.
-
Send audit information to mail acount using fined-grained auditing
hi.
i like to send audit information to particular mail account. but i have failed.
is any one can help me. i have writtten step by step what i have done for my work. my mail server work properly.
SQL> CONNECT SYS/PAS AS SYSDBA
after that i have created a procedure called "FGA_NOTIFY" to send mail WHEN user used SELECT command on sal column in emp table other than SCOTT. Then i have added a policy that is given belllow.
But The problem is now when sys user or any other user give command like
sql> select sal from scott.emp;
oracle server didnot send audit information mail to mail server. but
if i execute procedure "FGA_NOTIFY" independently , procedure send mail.
please help me. i have given procedure and
policy code down.
This is my policy
BEGIN
DBMS_FGA.add_policy(
object_schema => 'SCOTT',
object_name =>'EMP',
policy_name => 'Example',
audit_condition => 'ENAME != USER',
audit_column => 'SAL',
handler_schema => 'SYS',
handler_module => 'FGA_NOTIFY');
END;
THIS IS MY PROCEDURE
CREATE OR REPLACE PROCEDURE fga_notify (
object_schema VARCHAR2,
object_name VARCHAR2,
policy_name VARCHAR2)
AS
l_messege VARCHAR2 (32767);
l_mailhost VARCHAR2 (30) :='rmail';
l_mail_conn UTL_SMTP.connection;
l_from VARCHAR2 (30):= 'admin@rmail';
l_to VARCHAR2 (30):= 'admin@rmail';
BEGIN
l_messege :=
'User'||USER
||'successfully accessed'||Object_schema||'.'
||object_name||'at'
||TO_CHAR (SYSDATE, 'Month DD HH24 :MI:SS')
||'with this statement :"'
||SYS_CONTEXT ('userenv','currrent_sql')
||'"';
l_mail_conn :=UTL_SMTP.open_connection (l_mailhost,
25);
UTL_SMTP.helo (l_mail_conn, l_mailhost);
UTL_SMTP.mail (l_mail_conn, l_from);
UTL_SMTP.rcpt (l_mail_conn,l_to);
UTL_SMTP.DATA (l_mail_conn,
UTL_TCP.crlf||'subject: FGA Alert'
||UTL_TCP.crlf
||'To:'
||l_to
||UTL_TCP.crlf
||l_messege);
UTL_SMTP.quit (l_mail_conn);
EXCEPTION
WHEN OTHERS THEN
UTL_SMTP.quit (l_mail_conn);
raise_application_error (-2000,'Failed due to the
following error'||SQLERRM) ;
END;
Message was edited by:
Md Ruhul AminAlok brother, thank you for advice. About FGA concept i got from book. this PL/SQL code i got from that book. The book name is "Effective Oracle Database 10g Security by Design" and the writter name is "David Knox". if you send your e-mail address , i could send scan copy of this topic from this book.
my e-mail address is <[email protected]>. i am waing for you reply -
Auditing DML actions on multiple databases
I am using Oracle 10g Database on Solaris .
I need to audit the complete DML statement issued on a table which exists in multiple schemas(same name with different data from other schemas) in multiple databases ie Consider the table ito be audited is "TAB_A" . This table exists in multiple schemas "USER_A", "USER_B" but as said before only the name remains the same but data is different so they are two different tables. Also there are many databases "DB_A" , "DB_B" which have that table .
There is a master database which collects information from all these databases through database links . Now this database has a table which gets updated with a username, schema name and database name once a new user is created on the databases DB_A and DB_B . So is there any way I can use this info and automate the auditing so that the DBMS_FGA.ADD_POLICY procedure gets fired when a new user say USER_C is created ? This will not involve any manual involvement in running DBMS_FGA.ADD_POLICY procedure for USER_C.TAB_Aauditing will be enabled on a specific table which exists in some schemas eg : TAB_A . So the table name along with schema name would be USER_A.TAB_A and USER_B.TAB_A . think so now it is clear
now the master database contains information about the username , database name . so from this information I should create dbms_fga policy on each database . The table name is constant so it shouldn't be a problem . The point is if a new user is created in any of the databases the policy should be automatically created from the master database without any manual interruption.
This is what i am trying to do ... let me know if this is possible ? -
How to retrieve the value of last identity has been updated in a database?
how to retrieve the value of last identity has been updated in a database
Hi,
Oracle 10g, FGA - Fine grained auditing, supports DML statements (9i only select).
Set up FGA using the DBMS_FGA.ADD_POLICY procudure:
sql> BEGIN
DBMS_FGA.ADD_POLICY (
policy_name => 'AUD_EMPLOYEE_SAL',
object_schema => 'HR',
object_name => 'EMPLOYEE',
audit_column => SALARY',
audit_condition => '',
statement_type => 'UPDATE');
END;
NEXT:
sql> SELECT dbuid, lsqltesxt FROM sys.fga_logs$;
The database inserts the audit record into the FGA_LOG$ table using an autonomous transaction; even if you roll back the update statement, the update action will still be logged in this table. The fga_log$ tracks the session, machine id, timestamp, schema, scn, etc:
SQL> desc fga_log$
Name Null? Type
SESSIONID NOT NULL NUMBER
TIMESTAMP# DATE
DBUID VARCHAR2(30)
OSUID VARCHAR2(255)
OSHST VARCHAR2(128)
CLIENTID VARCHAR2(64)
EXTID VARCHAR2(4000)
OBJ$SCHEMA VARCHAR2(30)
OBJ$NAME VARCHAR2(128)
POLICYNAME VARCHAR2(30)
SCN NUMBER
SQLTEXT VARCHAR2(4000)
LSQLTEXT CLOB
SQLBIND VARCHAR2(4000)
COMMENT$TEXT VARCHAR2(4000)
PLHOL LONG
STMT_TYPE NUMBER
NTIMESTAMP# TIMESTAMP(6)
PROXY$SID NUMBER
USER$GUID VARCHAR2(32)
INSTANCE# NUMBER
PROCESS# VARCHAR2(16)
XID RAW(8)
AUDITID VARCHAR2(64)
STATEMENT NUMBER
ENTRYID NUMBER
DBID NUMBER
LSQLBIND CLOB
SQL> spool off -
Permissions issue - schema assignment?
Hi,
Running application express 2, Oracle 9i (I know!)
I'm looking into using apex as an alternative to crystal reports for some of our staff, they only use crystal to generate xls documents so apex should work fine for them. However I'm running into a permissions issue, most likely due to my lack of understander of how workspaces and schemas really work together.
We have some internal tools written in APEX which I don't want these new developers to be able to mess with, so I've created a new workspace called "crystal", I've also created a schema "crystal_apex" which has been assigned to the crystal workspace. This schema/user has been granted select access on the various tables it needs to access in other tables via a role, "crystal_role" (this is pre-existing and gets granted to anyone who needs to log in via crystal).
So, if I log into sqlplus as crystal_apex, I can happily run queries against the tables this user has access to via the role, however, access via the SQL Commands tool, any sql run against tables not in the crystal_apex schema fails. Even if I add another schema to the workspace, I can only query against that schema by changing the "schema" dropdown in the SQL Commands tool. If I do switch to using the other schema, the workspace now has full access to that schema, something I do not want, the crystal users have a very restricted level of access.
Is it possible to query/create reports against schemas other than the one apex is connected as? If not, how can you do any cross schema queries (something very common in our database). I'm sure I have done this before in our other workspace, however I cannot recall how I set it up.
It seems if I grant the rights directly to the schema (apex_crystal) rather than via a Role, then the permissions work fine, however only the schemas explicitly granted in apex show up in the query builder/object browser. Is there any way around this, or is this different in newer versions of apex?
Any help in the right direction would be greatly appreciated.
Edited by: nib000 on Aug 12, 2009 2:49 PM
Edited by: nib000 on Aug 12, 2009 2:56 PMHi,
Since this is a somewhat related topic I am cross posting from another thread.
I have successfully made a policy using dbms_fga, however am having trouble viewing the audit view based on dba_fga_audit_trail. I had the dba create a view based on the dba_fga_audit_trail limited to my schema--call it 'my_audit_view'. So she granted all on 'my_audit_view' to 'my_schema'. She also did same grants to my userid in Apex. I still cannot see the view in the Workspace -- 'table or view does not exist'. What does she need to do to make this audit view available to an apex user in this workspace? Does the grant actually have to be done to apex_public_user (hope not)?? It is interesting that I was able to create the policy from the Apex workspace SQL Worksheet:
begin
dbms_fga.add_policy(
object_schema => 'my_schema',
object_name => 'my_table',
policy_name => 'my_table_audit',
audit_condition => null,
statement_types => 'insert, update,delete');
end;
And she showed me that the view does exist and shows the inserts, updates I performed subsequent to the execution of the above, but I cannot run the view myself at this point within my Apex workspace -- which has only 1 schema -- 'my_schema'
Secondly, assuming I get beyond this issues of being able to see the view as a developer, if I want to create a report based on 'my_audit_view' in an application that an 'admin' type user can run on a page in an application (assuming the authorization is set up for the page), is there some other security step that has to be done to make audit view available to the application report??
Thanks,
Pat -
FGA, module name and SET_MODULE
RDBMS: Release 10.1.0.5.0
I would like to audit a table column using an audit condition on the module name.
The code to do that is:
begin
DBMS_FGA.DROP_POLICY(object_schema=>'XXXX', object_name=>'TAB', policy_name=>'FGA_SELECT_TAB' );
dbms_fga.add_policy (
object_schema=>'XXXX',
object_name=>'TAB',
policy_name=>'FGA_SELECT_TAB',
statement_types => 'select',
ENABLE => TRUE,
audit_condition=> 'sys_context(''USERENV'', ''MODULE'') NOT IN (''xxxxWebApp [ROOT]'',''app_name'')',
audit_column=> 'VIP'
end;
/h3. PROBLEM
I can write this simple sql program:
connect XXXX@mydb
exec DBMS_APPLICATION_INFO.SET_MODULE('app_name', '');
select * from tab;And the SELECT is not audited.
h3. QUESTION
Is there a way to resolve the described problem?
Edited by: AleC on 16-May-2011 02:35That is correct. You've specified the audit condition will be true when the module IS NOT IN 'app_name'. You've set it to 'app_name' hence no audit.
Maybe you are looking for
-
Adobe Reader 8.1.1 does not remember Duplex setting
Restarting the old thread. Some techinical issues have rendered the earlier post read only. Johnapp - 12:03pm Oct 9, 2007 Pacific I am printing with CUPS under Ubuntu Feisty and I have defined a HP Laserjet-4Si-4Si-MX-600-dpi printer/driver and set t
-
6i Reports and Forms Download Software
I am not able to fine the 6i Reports and Forms from OTN download. I am at 11.5.9 using Sun. Can you help me to find where I can download the tool? I am new at the company. Thanks!
-
Mail photo attachment changes format after being sent?
When I take a photo using the iPad camera and send it as an attachment in mail, how can I ensure the photo will maintain the same format after sending it, as it did when I took the photo? Recipients of my email with a portrait photo attachment, will
-
Guys, i am a windows OS user and using windows 7 on my desktop machine i have found an issue in Itunes 11.1.3.8 version. I have open the itunes everything is working fine for me but when i minimized the itunes and then Hover on the itunes for perviou
-
I can't access any functionality on my icloud email account on my I pad, all functions other than loading has locked up the last received email was a local government one. so I'm using my PC to send this. Any ideas how to unfreeze this account? Safar