Oracle 12C -- Unified Auditing Policy
1.审计策略是一组审计选项,用来审计数据库用户
2.创建审计策略需要被授予audit_admin角色(create audit policy ...)
3.可以在CDB、PDB级别创建创建审计策略
4.审计策略被enable之后才能生效。标准的非策略审计不受enable/disable影响
5.创建审计策略必须要指定系统级别或者对象级别的审计选项
-系统级别:
privilege审计选项审计所有的events;action审计选项审计数据库中需要被审计的操作,比如alter trigger;role审计选项审计被直接授予mgr_role的权限
privilege、action、role选项可以包含在同一个策略中。系统级别的审计选项可以查看sys.auditable_system_actions表
SQL> create audit policy audit_mixed_po01 privileges drop any table roles emp_role;
SQL> select * from sys.auditable_system_actions; TYPE COMPONENT ACTION NAME
---------- ------------------------------ ---------- ----------------------------------------------------------------
4 Standard 1 CREATE TABLE
4 Standard 2 INSERT
4 Standard 3 SELECT
4 Standard 4 CREATE CLUSTER
4 Standard 5 ALTER CLUSTER
4 Standard 6 UPDATE
4 Standard 7 DELETE
4 Standard 8 DROP CLUSTER
4 Standard 9 CREATE INDEX
4 Standard 10 DROP INDEX
4 Standard 11 ALTER INDEX
4 Standard 12 DROP TABLE
4 Standard 13 CREATE SEQUENCE
4 Standard 14 ALTER SEQUENCE
4 Standard 15 ALTER TABLE
4 Standard 16 DROP SEQUENCE
4 Standard 19 CREATE SYNONYM
4 Standard 20 DROP SYNONYM
4 Standard 21 CREATE VIEW
4 Standard 22 DROP VIEW
4 Standard 23 VALIDATE INDEX
4 Standard 24 CREATE PROCEDURE
4 Standard 25 ALTER PROCEDURE
4 Standard 26 LOCK TABLE
4 Standard 28 RENAME
4 Standard 29 COMMENT
4 Standard 32 CREATE DATABASE LINK
4 Standard 33 DROP DATABASE LINK
4 Standard 35 ALTER DATABASE
4 Standard 36 CREATE ROLLBACK SEGMENT
4 Standard 37 ALTER ROLLBACK SEGMENT
4 Standard 38 DROP ROLLBACK SEGMENT
4 Standard 39 CREATE TABLESPACE
4 Standard 40 ALTER TABLESPACE
4 Standard 41 DROP TABLESPACE
4 Standard 42 ALTER SESSION
4 Standard 43 ALTER USER
4 Standard 44 COMMIT
4 Standard 45 ROLLBACK
4 Standard 46 SAVEPOINT
4 Standard 48 SET TRANSACTION
4 Standard 49 ALTER SYSTEM
4 Standard 50 EXPLAIN
4 Standard 51 CREATE USER
4 Standard 52 CREATE ROLE
4 Standard 53 DROP USER
4 Standard 54 DROP ROLE
4 Standard 55 SET ROLE
4 Standard 56 CREATE SCHEMA
4 Standard 58 ALTER TRACING
4 Standard 59 CREATE TRIGGER
4 Standard 60 ALTER TRIGGER
4 Standard 61 DROP TRIGGER
4 Standard 62 ANALYZE TABLE
4 Standard 63 ANALYZE INDEX
4 Standard 64 ANALYZE CLUSTER
4 Standard 65 CREATE PROFILE
4 Standard 66 DROP PROFILE
4 Standard 67 ALTER PROFILE
4 Standard 68 DROP PROCEDURE
4 Standard 70 ALTER RESOURCE COST
4 Standard 71 CREATE MATERIALIZED VIEW LOG
4 Standard 72 ALTER MATERIALIZED VIEW LOG
4 Standard 73 DROP MATERIALIZED VIEW LOG
4 Standard 74 CREATE MATERIALIZED VIEW
4 Standard 75 ALTER MATERIALIZED VIEW
4 Standard 76 DROP MATERIALIZED VIEW
4 Standard 77 CREATE TYPE
4 Standard 78 DROP TYPE
4 Standard 79 ALTER ROLE
4 Standard 80 ALTER TYPE
4 Standard 81 CREATE TYPE BODY
4 Standard 82 ALTER TYPE BODY
4 Standard 83 DROP TYPE BODY
4 Standard 84 DROP LIBRARY
4 Standard 85 TRUNCATE TABLE
4 Standard 86 TRUNCATE CLUSTER
4 Standard 88 ALTER VIEW
4 Standard 90 SET CONSTRAINTS
4 Standard 91 CREATE FUNCTION
4 Standard 92 ALTER FUNCTION
4 Standard 93 DROP FUNCTION
4 Standard 94 CREATE PACKAGE
4 Standard 95 ALTER PACKAGE
4 Standard 96 DROP PACKAGE
4 Standard 97 CREATE PACKAGE BODY
4 Standard 98 ALTER PACKAGE BODY
4 Standard 99 DROP PACKAGE BODY
4 Standard 157 CREATE DIRECTORY
4 Standard 158 DROP DIRECTORY
4 Standard 159 CREATE LIBRARY
4 Standard 160 CREATE JAVA
4 Standard 161 ALTER JAVA
4 Standard 162 DROP JAVA
4 Standard 163 CREATE OPERATOR
4 Standard 164 CREATE INDEXTYPE
4 Standard 165 DROP INDEXTYPE
4 Standard 166 ALTER INDEXTYPE
4 Standard 167 DROP OPERATOR
4 Standard 168 ASSOCIATE STATISTICS
4 Standard 169 DISASSOCIATE STATISTICS
4 Standard 170 CALL METHOD
4 Standard 171 CREATE SUMMARY
4 Standard 172 ALTER SUMMARY
4 Standard 173 DROP SUMMARY
4 Standard 174 CREATE DIMENSION
4 Standard 175 ALTER DIMENSION
4 Standard 176 DROP DIMENSION
4 Standard 177 CREATE CONTEXT
4 Standard 178 DROP CONTEXT
4 Standard 179 ALTER OUTLINE
4 Standard 180 CREATE OUTLINE
4 Standard 181 DROP OUTLINE
4 Standard 182 UPDATE INDEXES
4 Standard 183 ALTER OPERATOR
4 Standard 184 Do not use 184
4 Standard 185 Do not use 185
4 Standard 186 Do not use 186
4 Standard 187 CREATE SPFILE
4 Standard 188 CREATE PFILE
4 Standard 190 CHANGE PASSWORD
4 Standard 191 UPDATE JOIN INDEX
4 Standard 192 ALTER SYNONYM
4 Standard 193 ALTER DISK GROUP
4 Standard 194 CREATE DISK GROUP
4 Standard 195 DROP DISK GROUP
4 Standard 196 ALTER LIBRARY
4 Standard 197 PURGE USER RECYCLEBIN
4 Standard 198 PURGE DBA RECYCLEBIN
4 Standard 199 PURGE TABLESPACE
4 Standard 200 PURGE TABLE
4 Standard 201 PURGE INDEX
4 Standard 202 UNDROP OBJECT
4 Standard 205 FLASHBACK TABLE
4 Standard 206 CREATE RESTORE POINT
4 Standard 207 DROP RESTORE POINT
4 Standard 212 CREATE EDITION
4 Standard 214 DROP EDITION
4 Standard 215 DROP ASSEMBLY
4 Standard 216 CREATE ASSEMBLY
4 Standard 217 ALTER ASSEMBLY
4 Standard 218 CREATE FLASHBACK ARCHIVE
4 Standard 219 ALTER FLASHBACK ARCHIVE
4 Standard 220 DROP FLASHBACK ARCHIVE
4 Standard 222 CREATE SCHEMA SYNONYM
4 Standard 224 DROP SCHEMA SYNONYM
4 Standard 225 ALTER DATABASE LINK
4 Standard 226 CREATE PLUGGABLE DATABASE
4 Standard 227 ALTER PLUGGABLE DATABASE
4 Standard 228 DROP PLUGGABLE DATABASE
4 Standard 229 CREATE AUDIT POLICY
4 Standard 230 ALTER AUDIT POLICY
4 Standard 231 DROP AUDIT POLICY
4 Standard 238 ADMINISTER KEY MANAGEMENT
4 Standard 239 CREATE MATERIALIZED ZONEMAP
4 Standard 240 ALTER MATERIALIZED ZONEMAP
4 Standard 241 DROP MATERIALIZED ZONEMAP
4 Standard 17 GRANT
4 Standard 18 REVOKE
4 Standard 30 AUDIT
4 Standard 31 NOAUDIT
4 Standard 100 LOGON
4 Standard 101 LOGOFF
4 Standard 47 EXECUTE
4 Standard 189 MERGE
4 Standard 242 ALL
8 Label Security 1 APPLY POLICY
8 Label Security 2 REMOVE POLICY
8 Label Security 3 SET AUTHORIZATION
8 Label Security 4 PRIVILEGED ACTION
8 Label Security 5 ENABLE POLICY
8 Label Security 6 DISABLE POLICY
8 Label Security 7 SUBSCRIBE OID
8 Label Security 8 UNSUBSCRIBE OID
8 Label Security 9 CREATE DATA LABEL
8 Label Security 10 ALTER DATA LABEL
8 Label Security 11 DROP DATA LABEL
8 Label Security 12 CREATE POLICY
8 Label Security 13 ALTER POLICY
8 Label Security 14 DROP POLICY
8 Label Security 15 CREATE LABEL COMPONENTS
8 Label Security 16 ALTER LABEL COMPONENTS
8 Label Security 17 DROP LABEL COMPONENTS
8 Label Security 18 ALL
6 XS 1 CREATE USER
6 XS 2 UPDATE USER
6 XS 3 DELETE USER
6 XS 4 CREATE ROLE
6 XS 5 UPDATE ROLE
6 XS 6 DELETE ROLE
6 XS 7 GRANT ROLE
6 XS 8 REVOKE ROLE
6 XS 9 ADD PROXY
6 XS 10 REMOVE PROXY
6 XS 11 SET USER PASSWORD
6 XS 12 SET USER VERIFIER
6 XS 13 CREATE ROLESET
6 XS 14 UPDATE ROLESET
6 XS 15 DELETE ROLESET
6 XS 16 CREATE SECURITY CLASS
6 XS 17 UPDATE SECURITY CLASS
6 XS 18 DELETE SECURITY CLASS
6 XS 19 CREATE NAMESPACE TEMPLATE
6 XS 20 UPDATE NAMESPACE TEMPLATE
6 XS 21 DELETE NAMESPACE TEMPLATE
6 XS 22 CREATE ACL
6 XS 23 UPDATE ACL
6 XS 24 DELETE ACL
6 XS 25 CREATE DATA SECURITY
6 XS 26 UPDATE DATA SECURITY
6 XS 27 DELETE DATA SECURITY
6 XS 28 ENABLE DATA SECURITY
6 XS 29 DISABLE DATA SECURITY
6 XS 30 ADD GLOBAL CALLBACK
6 XS 31 DELETE GLOBAL CALLBACK
6 XS 32 ENABLE GLOBAL CALLBACK
6 XS 33 ENABLE ROLE
6 XS 34 DISABLE ROLE
6 XS 35 SET COOKIE
6 XS 36 SET INACTIVE TIMEOUT
6 XS 37 CREATE SESSION
6 XS 38 DESTROY SESSION
6 XS 39 SWITCH USER
6 XS 40 ASSIGN USER
6 XS 41 CREATE SESSION NAMESPACE
6 XS 42 DELETE SESSION NAMESPACE
6 XS 43 CREATE NAMESPACE ATTRIBUTE
6 XS 44 GET NAMESPACE ATTRIBUTE
6 XS 45 SET NAMESPACE ATTRIBUTE
6 XS 46 DELETE NAMESPACE ATTRIBUTE
6 XS 47 SET USER PROFILE
6 XS 48 ALL
10 Datapump 1 EXPORT
10 Datapump 2 IMPORT
10 Datapump 3 ALL
7 Database Vault 1 REALM VIOLATION
7 Database Vault 2 REALM SUCCESS
7 Database Vault 3 REALM ACCESS
7 Database Vault 4 RULE SET FAILURE
7 Database Vault 5 RULE SET SUCCESS
7 Database Vault 6 RULE SET EVAL
7 Database Vault 7 FACTOR ERROR
7 Database Vault 8 FACTOR NULL
7 Database Vault 9 FACTOR VALIDATE ERROR
7 Database Vault 10 FACTOR VALIDATE FALSE
7 Database Vault 11 FACTOR TRUST LEVEL NULL
7 Database Vault 12 FACTOR TRUST LEVEL NEG
7 Database Vault 13 FACTOR ALL
11 Direct path API 1 LOAD
11 Direct path API 2 ALL
-对象级别:是动态的。修改后对当前用户和后期用户都会生效。
SQL> create audit policy audit_objpriv_po02 actions execute,grant on hr.raise_salary_proc;
-condition和evaluation:
SQL> create audit policy audit_mixed_po03 actions rename on hr.employees, alter on hr.jobs,when 'SYS_CONTEXT(''USERNAME'',''SESSION_USER'')=''JIM''' evaluate per session;
6.开启审计策略
SQL> audit policy audit_syspriv_po01;#对所有用户都生效
SQL> audit policy audit_po02 by scott,hr;#只对scott,hr用户生效
SQL> audit policy audit_po03 by sys;#只是对sys用户生效
SQL> audit policy audit_po04 except jim,scott;#jim,scott除外
Oracle 12C -- Unified Auditing Policy的更多相关文章
- Oracle 12C -- 删除audit policy
删除之前,必须将policy disable掉:然后再删除 SQL> noaudit policy audit_sysprvi_po01; SQL> drop audit policy a ...
- 使用Unified Auditing Policy审计数据泵导出操作
1.创建审计策略 SQL> alter session set container=pdb1; SQL> create or replace directory dumpdir as '/ ...
- Oracle 12c 新特性 --- 新增对数据泵操作的审计跟踪
版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/leo__1990/article/details/90199263 概念 Oracle Data P ...
- Red Hat Enterprise Linux7的安装与oracle 12c的安装
Red Hat Enterprise Linux7的安装与oracle 12c的安装 本文档中用到的所有参数均位于文末附录 Red Hat Enterprise Linux7的安装 新建完虚拟机后,挂 ...
- [20180914]oracle 12c 表 full_hash_value如何计算.txt
[20180914]oracle 12c 表 full_hash_value如何计算.txt --//昨天在12c下看表full_hash_value与11g的full_hash_value不同,不过 ...
- Oracle 12C Data Gurad RAC TO RAC
Oracle 12C RAC TO RAC Data Guard on RHEL7 0.环境说明 primary db physical standby 操作系统 rhel7 x86_64 rhe ...
- Oracle 12c 搭建学习
Oracle 12c 搭建学习 Vm workstaton10 安装linux 6.4 安装oracle12c Oracle 12c只支持64位系统 1 环境检查 [root@rac1 ~]# gre ...
- ORACLE 12C新特性——CDB与PDB
Oracle 12C引入了CDB与PDB的新特性,在ORACLE 12C数据库引入的多租用户环境(Multitenant Environment)中,允许一个数据库容器(CDB)承载多个可插拔数据库( ...
- Oracle 12c 使用scott等普通用户的方法
目录: 一.前言 二.使用普通用户 三.自动启动PDB 一.前言 最近电脑上安装了oracle 12c数据库,想体验下新特性.安装完后,便像11g一样在dos窗口进行下面的操作: SQL Produc ...
随机推荐
- 小教程:自己创建一个jQuery长阴影插件
长阴影设计是平面设计的一个变体,添加了阴影,产生了深度的幻觉,并导致了三维的设计.在本教程中,我们将创建一个jQuery插件,通过添加完全可自定义的长阴影图标,我们可以轻松地转换平面图标. 戳我查看效 ...
- JavaScript 作用域和闭包——另一个角度:扩展你对作用域和闭包的认识【翻译+整理】
原文地址 --这篇文章有点意思,可以扩展你对作用域和闭包的认识. 本文内容 背景 作用域 闭包 臭名昭著的循环问题 自调用函数(匿名函数) 其他 我认为,尝试向别人解释 JavaScript 作用域和 ...
- 删除数据库mysql
drop命令用于删除数据库. drop命令格式:drop database <数据库名>; 例如,删除名为 xhkdb的数据库:mysql> drop database xhkdb; ...
- jQuery页面滚动图片等元素动态加载实现
一.关于滚动显屏加载 常常会有这样子的页面,内容很丰富,页面很长,图片较多.比如说光棍节很疯狂的淘宝商城页面. 或者是前段时间写血本买了个高档耳机的京东商城页面,或者是新浪微博之类. 这些页面图片数量 ...
- SqlServer2012自增主键跳跃增长的问题解决方案
1.问题:SqlServer2012自增主键插入几条数据,然后重启服务,然后再插入几条数据,发现重启后插入的记录ID出现跳跃. 2.解决方案: Open SQLServer configuration ...
- Iterator接口用法
1.所有实现Collection接口的容器类都有一个iteractor方法,用于返回一个实现了Iteractor接口的对象, 2.Iteractor对象成为迭代器,用以实现对容器内元素的遍历操作 3. ...
- Axis 发布、调用WebService(转)
一.JWS方法发布WebService 1.在官方网站下载axis的工程(这个等下就有用的)和源码.jar包等,下载地址是: http://www.apache.org/dyn/closer.cgi/ ...
- java 中文及特殊字符校验
java 中文及特殊字符校验 CreateTime--2017年8月25日16:54:50 Author:Marydon 一.参考链接 http://blog.csdn.net/imduan/ar ...
- 基于kettle8的web端调度监控平台
发布时间:2018-11-16 技术:spring+springmvc +beetlsql+quartz+kettle8 概述 Kettle调度监控平台(以下简称KS)是一个自主开发的java ...
- java爬虫入门--用jsoup爬取汽车之家的新闻
概述 使用jsoup来进行网页数据爬取.jsoup 是一款Java 的HTML解析器,可直接解析某个URL地址.HTML文本内容.它提供了一套非常省力的API,可通过DOM,CSS以及类似于jQuer ...