How to know if Fine Grain Auditing is used
I have to migrate a exsisting database to a new plattaform.The old database is a Enterprise Edition and the new must be a Standard Edition.
But first I must make sure that none of the functions of the Enterpise edition is being used.
How I can know if the database is using the Fine Grain Auditing?
thanks
Thank you. Furthermore you can find a lot of resource about it.
Regards
http://www.oracle.com/technetwork/database/security/index-083815.html
Similar Messages
-
Fine Grained Audit records to syslog
Hello experts,
I am working on Standard Auditing and Fine Grained Auditing on 11.2.0.3 databases on Red Hat x86_64.
I am trying to send Fine Grained Audit records to syslog as for my Standard Audit records with audit_trail set to OS, but can't find any appropriate option.
When I create FGA policies with the ADD_POLICY procedure of the DBMS_FGA package, the audit_trail parameter can only be set to DB or XML, as stated in [PL/SQL Packages and Types Reference|http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_fga.htm#CDEIECAG].
Does somebody know if it is possible to send FGA audit records to syslog directly:
1. without using any additional product (e.g. Oracle Audit Vault)?
2. without doing manual extraction from fga_log$ or DBA_COMMON_AUDIT_TRAIL?
Thanks for any suggestion.Hi,
Well, i did not used FGA yet.
I used audit_Trail=db and the query SELECT username,extended_timestamp,owner,obj_name,action_name,sql_text FROM dba_audit_trail WHERE to_char(extended_timestamp, 'DD/MM/RR') = to_char(SYSDATE - 1, 'DD/MM/RR') ORDER BY timestamp)
Then i wrote a procedure, and exported the results using utl_file .
And i scheduled this procedure to run daily.
It works pretty good, if you like the solution as ask for details.
Hope that helps,
Regards. -
Should I use the fine-grained auditing?
I need to record the changes (of data) made to serveral tables by users. For example, I have to check the before and after images of the changes and what kind of transactions they do to cause the changes. Sould I program the logging procedure in the application or should I use the fine-grained auditing function of oracle to do it. I am not sure what this built-in function can do for me. Can anyone give me some advice on this? Thks.
A beginnerWhy Fine-Grained Auditing?
You may want to check standard auditing if it is suitable for you
http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/cfgaudit.htm#BABCFIHB
I don't think you can get pre and post update values of the affected data with Auditing.
FGA is useful when you want to audit just a "subset" of the data in the table.
(for instance, audit everyone that wants to get all records from EMP table where SALARY > 100000)
Message was edited by:
tekicora -
Is there any way to audit more than one table using fine-grained auditing in oracle 10.2.0.
Thnks in advance.sonidba wrote:
Is there any way to audit more than one table using fine-grained auditing in oracle 10.2.0.
Thnks in advance.Read this
Re: use multiple tables in FGA Add_policy? -
How to know whether the current database is using a password file or not?
How to know whether the current database is using a password file or not?
The remote_password_file is the parameter that determines if you can use or not a password file. The values this parameter can have are NONE, SHARED, EXCLUSIVE. It is pretty obvious, if it is set to either SHARED or EXCLUSIVE the oracle instance has enabled the access through a password file for the SYSDBA and SYSOPER roles.
~ Madrid -
How to know which type of jdbc driver used in my application
How to know which type of jdbc driver used in my application.
My approach will be....
Type1: you have to have ODBC s/w install on your machine...even the connection string starts with jdbc:odbc....so it can be identifed easily
Type2: you have to install client s/w in your machine...if you are using oracle oci driver ...you need to install oracle client s/w
Type3: you use servername / port to connnect to middleware
Type4: you do not need any client s/w
So, If your application works without any client s/w on your machine....you might be using Type4/Type3 driver.....otherwise Type2
Someone pls add more .... -
How to know whether a particular query is using the aggregates
hi all....
im very new to this group so plz help me out.....anyway hi to all ....
There are many aggreegates are there but how to know which query is using perticular a?gregatesHi,
use query monitor screen RSRT and select the option execute + debug . and u can have the option of checking display aggreagates for that query!
cheers,
ravi -
How to know what level of optimization to use / which symbols to remove
I probably should have asked this question along time ago, but how do you know what level of optimization to use and what symbols you can safely remove when compiling
EDLundquist wrote:
I probably should have asked this question along time ago, but how do you know what level of optimization to use and what symbols you can safely remove when compiling
I have no direct experience with development for Macs, but based on my experience on other platforms, I'd use lower optimization and symbol removal early in the debugging process, increasing those as the program becomes more stable. -
How to know the list of scenario that use a KM
In ODI work repository, from which table I can know a list of interfaces that use one IKM and from which table I can can know a list of package that use that interface? The reason for this question is I want to regenerate all scenarios impacted by that KM.
ThanksHi,
try this:
SELECT snp_scen.scen_name
,snp_scen.scen_version
,snp_package.pack_name
,snp_step.step_name
,snp_pop.pop_name
,snp_trt.trt_name
FROM snp_scen
INNER JOIN snp_package on snp_scen.i_package = snp_package.i_package
INNER JOIN snp_step on snp_package.i_package = snp_step.i_package
INNER JOIN snp_pop on snp_step.i_pop = snp_pop.i_pop
INNER JOIN snp_trt on snp_pop.i_trt_kim = snp_trt.i_trt -- integration
or snp_pop.i_trt_kcm = snp_trt.i_trt --check
-- more joins here ! -
Fine grained auditing on table, but I don't want it on view
I have a table which contains sensitive information, and I want to audit all queries on it except the web account 'EJBUSER', so I created the below policy:
begin
dbms_fga.add_policy( policy_name => 'STAFF_LOGON_QRY_POLICY'',
object_schema => 'CPY',
object_name => 'STAFF_LOGON',
statement_types => 'SELECT',
audit_condition => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''EJBUSER'' ');
end;
This does exactly what I want, but I also have a view off this STAFF_LOGON table (below) which users can query to see their own details.
create or replace view CPY.V_STAFF_LOGON
as
select * from cpy.staff_logon
where user_name = user;
When a user queries this view, it also writes an entry to the dba_fga_audit_trail, but I only want to see queries against the base table, not the view.
Is it possible to fga audit the base table only, and not the view?
Edited by: stuartu on Feb 17, 2010 11:36 AM
Edited by: stuartu on Feb 17, 2010 12:01 PMBut does this delete the whole account from the cloud, or just from my device. I must make sure my husband doesn't loose all his business contacts which are in the iCloud device. Thanks.
-
Fine Grained Auditing FGA - Which procedure or package caused the DML ?
Hi All,
I'm using FGA at column level. I'm trying to figure out all PL/SQL Subprograms like procedures, functions, packages, etc, which issued the SQL_TEXT in the dba_fga_audit_trail view.
e.g.
begin
sys.dbms_fga.add_policy(
object_schema => 'SCOTT',
object_name => 'EMP',
policy_name => 'SCOTT_EMP_POLICY',
audit_condition => null,
audit_column => 'SALARY',
statement_types => 'UPDATE');
end;
The dba_fga_audit_trail view successfully displays all Update Statements in the SQL_TEXT column. However, as to which PL/SQL Subprogram it was issued from - this I don't know.
Is there any way to determine this? Maybe through another system view?
I tried replacing the SQL_TEXT with a lot of '%' for every space and every bind variable characters, so that I can do a LIKE in the DBA_SOURCE view, . . . but this didn't 100% worked.
Many Thanks,
Henry WuHi,
Personnally i've never seen an automatic way for doing this...
What you cando (but it can be very fastidious) is to declare constants (or IDs) for your differents package/procedure/function names and add them to your different DMLs commands.
procedure TheProc is
CurrentProc constant varchar2(100):='TheProc';
begin
update mytable set .... , proc_name=CurrentProc
end;this is an old post but it might interrest you:
Get current procedure -
How to know column name (not an expression) used by function-based index?
Hi guys,
Is there any way to know exact column name used by FBI? If I correct, there is SYS.ICOLDEP$ table that has mapping between index/table columns, but I don't see how it could be uniquely joined with the rest. I know about USER_IND_EXPRESSIONS, but the task is to know exact column name, not it's expression.
This required by our so-called SQL preprocessing of DB schema update utility, which parses stmt (INSERT in our case) and should check against PK/UNIQUE key values.
Thanks!I don't think this is possible in 10g or 11g because :
1. dictionary keeps track of column number in index and not in table
2. the expression used in CREATE INDEX is a system generated column
You would have to parse the expression from USER_IND_EXPRESSIONS:
SQL> create table t(x int, y int);
Table created.
SQL> create index fbi on t(y+1);
Index created.
SQL> column index_name format a10
SQL> column column_name format a20
SQL> column column_expression format a10
SQL> select i.index_name, ic.column_name, ic.column_position as iccn, ie.column_position as iecn, ie.column_expression
2 from user_indexes i , user_ind_columns ic, user_ind_expressions ie
3 where i.index_name = ic.index_name
4 and i.index_name = ie.index_name
5 and i.index_name = 'FBI';
INDEX_NAME COLUMN_NAME ICCN IECN COLUMN_EXP
FBI SYS_NC00003$ 1 1 "Y"+1 -
How to know where a GL account is used
hello all
as FI is not my speciality, can someone explain to me how can I know where a GL account is being used? meaning, we link GL accounts to material groups via valuation class, is there a way to know which valuation class is linked to a specific GL account?
thanks
AlisaHi,
Am suprised, how come you are not able to see the valuation class.
In Table T030 (initial screen) the first (row)filed is COA and fifth & Sixth (row) is G/L code.
If you key in these values and execute, the system will display you all relevant details and the sixth column is Valuation class feild.
When i checked in my system the following were displayed and i am able to see the valuation class.
Client, Chart of Accts, Transaction, Val.Grpg Code, Acct modif, Valuation Class, G/L Account , G/L Account.
Do check again.
Regards,
Gerardo -
How to know whether infotype record is created using PA30 or PA40
Hi,
can any one suggest is there any way to know how a record is created in database i.e by performing actions in PA40 or from PA30.
Thanks
DeepthiHmmmm...
are you asking Record or actions???
If records then forgot about PA40 it will perform actions not records.
Coming back PA30-> TO create , modify display
PA20 -> TO DISPLAY.
For PA30 -> after record is created come back to original pa30 screen input the Pernr number , Select/input infotype number
then click on the icon Overview button (or SHift + F8) then you can see the data , records.
or you go and see in SE11 OR SE16 another direct method
Regards
sas -
How to know the status of stream played using NetStream.Play method ?
I am playing stream data published by third party server
similar to FCS by creating NetStream object and calling Play method
on it. Now the problem is, sometimes I am not able to view the
published stream by playing it using Play method. Also it does not
call OnStatus method of NetSteam. How can I know the status(or
result) of Play method ?
Note: NetConnection gets created successfully. I get status
of NetStream.Play.Start / Stop when I put local flv as a first
parameter to Play methodHi
There are SQL reports in the following zip which has SQLDeveloper reports for runtime objects such as mappings and process flows;
http://www.oracle.com/technology/products/warehouse/htdocs/Experts/owb_sqldeveloper.zip
Cheers
David
Maybe you are looking for
-
Dear Friends While creating Excise JV for CENVAT adjustments (othr. adjs). and entering all the details for account RG23A I have entered the BED, ECS and TAX1 amounts. However on clicking on Detemine G/L Accounts the system does not display any G/L a
-
Hi guys, We trying to reset clearing Doc using FBRA. Message triggers via Express dcoument "Update Terminated". I have checked the logs and in SM13 - indicates Update Terminated in Reverse_clearing. I have executed FBRA couple of times bu
-
First of all, sorry for my english. About a week ago (April 2, 2011 9:24) my colleague bought ipad 2 64GB wifi+3G for me at the Woodlands store. One of the important parameters was AT&T version of the device (because here in Russia, we have no CDMA o
-
Fld selectn for mvmt type 561 / acct 2005999 differs for Ext. GA amount in
Dear Experts, When we are doing the initial stock upload we are getting the Error as "Fld selectn for mvmt type 561 / acct 2005999 differs for Ext. GA amount in LC (023) Message no. M7093" and when we compared the Feild status for that posting at Pos
-
Iphone 4 not yet shipped or in progress as of 06-22
i ordered my iphone 4 on 06-15 at around 1pm (tried since it pre-orders opened up and could not get through...) anyway, my order still shows as "not yet shipped" and is not in progress. i've called apple 2x, both reps stated the order is fine but the