Oracle 12C -- Unified Auditing Policy
1.审计策略是一组审计选项,用来审计数据库用户
2.创建审计策略需要被授予audit_admin角色(create audit policy ...)
3.可以在CDB、PDB级别创建创建审计策略
4.审计策略被enable之后才能生效。标准的非策略审计不受enable/disable影响
5.创建审计策略必须要指定系统级别或者对象级别的审计选项
-系统级别:
privilege审计选项审计所有的events;action审计选项审计数据库中需要被审计的操作,比如alter trigger;role审计选项审计被直接授予mgr_role的权限
privilege、action、role选项可以包含在同一个策略中。系统级别的审计选项可以查看sys.auditable_system_actions表
SQL> create audit policy audit_mixed_po01 privileges drop any table roles emp_role;
SQL> select * from sys.auditable_system_actions; TYPE COMPONENT ACTION NAME
---------- ------------------------------ ---------- ----------------------------------------------------------------
4 Standard 1 CREATE TABLE
4 Standard 2 INSERT
4 Standard 3 SELECT
4 Standard 4 CREATE CLUSTER
4 Standard 5 ALTER CLUSTER
4 Standard 6 UPDATE
4 Standard 7 DELETE
4 Standard 8 DROP CLUSTER
4 Standard 9 CREATE INDEX
4 Standard 10 DROP INDEX
4 Standard 11 ALTER INDEX
4 Standard 12 DROP TABLE
4 Standard 13 CREATE SEQUENCE
4 Standard 14 ALTER SEQUENCE
4 Standard 15 ALTER TABLE
4 Standard 16 DROP SEQUENCE
4 Standard 19 CREATE SYNONYM
4 Standard 20 DROP SYNONYM
4 Standard 21 CREATE VIEW
4 Standard 22 DROP VIEW
4 Standard 23 VALIDATE INDEX
4 Standard 24 CREATE PROCEDURE
4 Standard 25 ALTER PROCEDURE
4 Standard 26 LOCK TABLE
4 Standard 28 RENAME
4 Standard 29 COMMENT
4 Standard 32 CREATE DATABASE LINK
4 Standard 33 DROP DATABASE LINK
4 Standard 35 ALTER DATABASE
4 Standard 36 CREATE ROLLBACK SEGMENT
4 Standard 37 ALTER ROLLBACK SEGMENT
4 Standard 38 DROP ROLLBACK SEGMENT
4 Standard 39 CREATE TABLESPACE
4 Standard 40 ALTER TABLESPACE
4 Standard 41 DROP TABLESPACE
4 Standard 42 ALTER SESSION
4 Standard 43 ALTER USER
4 Standard 44 COMMIT
4 Standard 45 ROLLBACK
4 Standard 46 SAVEPOINT
4 Standard 48 SET TRANSACTION
4 Standard 49 ALTER SYSTEM
4 Standard 50 EXPLAIN
4 Standard 51 CREATE USER
4 Standard 52 CREATE ROLE
4 Standard 53 DROP USER
4 Standard 54 DROP ROLE
4 Standard 55 SET ROLE
4 Standard 56 CREATE SCHEMA
4 Standard 58 ALTER TRACING
4 Standard 59 CREATE TRIGGER
4 Standard 60 ALTER TRIGGER
4 Standard 61 DROP TRIGGER
4 Standard 62 ANALYZE TABLE
4 Standard 63 ANALYZE INDEX
4 Standard 64 ANALYZE CLUSTER
4 Standard 65 CREATE PROFILE
4 Standard 66 DROP PROFILE
4 Standard 67 ALTER PROFILE
4 Standard 68 DROP PROCEDURE
4 Standard 70 ALTER RESOURCE COST
4 Standard 71 CREATE MATERIALIZED VIEW LOG
4 Standard 72 ALTER MATERIALIZED VIEW LOG
4 Standard 73 DROP MATERIALIZED VIEW LOG
4 Standard 74 CREATE MATERIALIZED VIEW
4 Standard 75 ALTER MATERIALIZED VIEW
4 Standard 76 DROP MATERIALIZED VIEW
4 Standard 77 CREATE TYPE
4 Standard 78 DROP TYPE
4 Standard 79 ALTER ROLE
4 Standard 80 ALTER TYPE
4 Standard 81 CREATE TYPE BODY
4 Standard 82 ALTER TYPE BODY
4 Standard 83 DROP TYPE BODY
4 Standard 84 DROP LIBRARY
4 Standard 85 TRUNCATE TABLE
4 Standard 86 TRUNCATE CLUSTER
4 Standard 88 ALTER VIEW
4 Standard 90 SET CONSTRAINTS
4 Standard 91 CREATE FUNCTION
4 Standard 92 ALTER FUNCTION
4 Standard 93 DROP FUNCTION
4 Standard 94 CREATE PACKAGE
4 Standard 95 ALTER PACKAGE
4 Standard 96 DROP PACKAGE
4 Standard 97 CREATE PACKAGE BODY
4 Standard 98 ALTER PACKAGE BODY
4 Standard 99 DROP PACKAGE BODY
4 Standard 157 CREATE DIRECTORY
4 Standard 158 DROP DIRECTORY
4 Standard 159 CREATE LIBRARY
4 Standard 160 CREATE JAVA
4 Standard 161 ALTER JAVA
4 Standard 162 DROP JAVA
4 Standard 163 CREATE OPERATOR
4 Standard 164 CREATE INDEXTYPE
4 Standard 165 DROP INDEXTYPE
4 Standard 166 ALTER INDEXTYPE
4 Standard 167 DROP OPERATOR
4 Standard 168 ASSOCIATE STATISTICS
4 Standard 169 DISASSOCIATE STATISTICS
4 Standard 170 CALL METHOD
4 Standard 171 CREATE SUMMARY
4 Standard 172 ALTER SUMMARY
4 Standard 173 DROP SUMMARY
4 Standard 174 CREATE DIMENSION
4 Standard 175 ALTER DIMENSION
4 Standard 176 DROP DIMENSION
4 Standard 177 CREATE CONTEXT
4 Standard 178 DROP CONTEXT
4 Standard 179 ALTER OUTLINE
4 Standard 180 CREATE OUTLINE
4 Standard 181 DROP OUTLINE
4 Standard 182 UPDATE INDEXES
4 Standard 183 ALTER OPERATOR
4 Standard 184 Do not use 184
4 Standard 185 Do not use 185
4 Standard 186 Do not use 186
4 Standard 187 CREATE SPFILE
4 Standard 188 CREATE PFILE
4 Standard 190 CHANGE PASSWORD
4 Standard 191 UPDATE JOIN INDEX
4 Standard 192 ALTER SYNONYM
4 Standard 193 ALTER DISK GROUP
4 Standard 194 CREATE DISK GROUP
4 Standard 195 DROP DISK GROUP
4 Standard 196 ALTER LIBRARY
4 Standard 197 PURGE USER RECYCLEBIN
4 Standard 198 PURGE DBA RECYCLEBIN
4 Standard 199 PURGE TABLESPACE
4 Standard 200 PURGE TABLE
4 Standard 201 PURGE INDEX
4 Standard 202 UNDROP OBJECT
4 Standard 205 FLASHBACK TABLE
4 Standard 206 CREATE RESTORE POINT
4 Standard 207 DROP RESTORE POINT
4 Standard 212 CREATE EDITION
4 Standard 214 DROP EDITION
4 Standard 215 DROP ASSEMBLY
4 Standard 216 CREATE ASSEMBLY
4 Standard 217 ALTER ASSEMBLY
4 Standard 218 CREATE FLASHBACK ARCHIVE
4 Standard 219 ALTER FLASHBACK ARCHIVE
4 Standard 220 DROP FLASHBACK ARCHIVE
4 Standard 222 CREATE SCHEMA SYNONYM
4 Standard 224 DROP SCHEMA SYNONYM
4 Standard 225 ALTER DATABASE LINK
4 Standard 226 CREATE PLUGGABLE DATABASE
4 Standard 227 ALTER PLUGGABLE DATABASE
4 Standard 228 DROP PLUGGABLE DATABASE
4 Standard 229 CREATE AUDIT POLICY
4 Standard 230 ALTER AUDIT POLICY
4 Standard 231 DROP AUDIT POLICY
4 Standard 238 ADMINISTER KEY MANAGEMENT
4 Standard 239 CREATE MATERIALIZED ZONEMAP
4 Standard 240 ALTER MATERIALIZED ZONEMAP
4 Standard 241 DROP MATERIALIZED ZONEMAP
4 Standard 17 GRANT
4 Standard 18 REVOKE
4 Standard 30 AUDIT
4 Standard 31 NOAUDIT
4 Standard 100 LOGON
4 Standard 101 LOGOFF
4 Standard 47 EXECUTE
4 Standard 189 MERGE
4 Standard 242 ALL
8 Label Security 1 APPLY POLICY
8 Label Security 2 REMOVE POLICY
8 Label Security 3 SET AUTHORIZATION
8 Label Security 4 PRIVILEGED ACTION
8 Label Security 5 ENABLE POLICY
8 Label Security 6 DISABLE POLICY
8 Label Security 7 SUBSCRIBE OID
8 Label Security 8 UNSUBSCRIBE OID
8 Label Security 9 CREATE DATA LABEL
8 Label Security 10 ALTER DATA LABEL
8 Label Security 11 DROP DATA LABEL
8 Label Security 12 CREATE POLICY
8 Label Security 13 ALTER POLICY
8 Label Security 14 DROP POLICY
8 Label Security 15 CREATE LABEL COMPONENTS
8 Label Security 16 ALTER LABEL COMPONENTS
8 Label Security 17 DROP LABEL COMPONENTS
8 Label Security 18 ALL
6 XS 1 CREATE USER
6 XS 2 UPDATE USER
6 XS 3 DELETE USER
6 XS 4 CREATE ROLE
6 XS 5 UPDATE ROLE
6 XS 6 DELETE ROLE
6 XS 7 GRANT ROLE
6 XS 8 REVOKE ROLE
6 XS 9 ADD PROXY
6 XS 10 REMOVE PROXY
6 XS 11 SET USER PASSWORD
6 XS 12 SET USER VERIFIER
6 XS 13 CREATE ROLESET
6 XS 14 UPDATE ROLESET
6 XS 15 DELETE ROLESET
6 XS 16 CREATE SECURITY CLASS
6 XS 17 UPDATE SECURITY CLASS
6 XS 18 DELETE SECURITY CLASS
6 XS 19 CREATE NAMESPACE TEMPLATE
6 XS 20 UPDATE NAMESPACE TEMPLATE
6 XS 21 DELETE NAMESPACE TEMPLATE
6 XS 22 CREATE ACL
6 XS 23 UPDATE ACL
6 XS 24 DELETE ACL
6 XS 25 CREATE DATA SECURITY
6 XS 26 UPDATE DATA SECURITY
6 XS 27 DELETE DATA SECURITY
6 XS 28 ENABLE DATA SECURITY
6 XS 29 DISABLE DATA SECURITY
6 XS 30 ADD GLOBAL CALLBACK
6 XS 31 DELETE GLOBAL CALLBACK
6 XS 32 ENABLE GLOBAL CALLBACK
6 XS 33 ENABLE ROLE
6 XS 34 DISABLE ROLE
6 XS 35 SET COOKIE
6 XS 36 SET INACTIVE TIMEOUT
6 XS 37 CREATE SESSION
6 XS 38 DESTROY SESSION
6 XS 39 SWITCH USER
6 XS 40 ASSIGN USER
6 XS 41 CREATE SESSION NAMESPACE
6 XS 42 DELETE SESSION NAMESPACE
6 XS 43 CREATE NAMESPACE ATTRIBUTE
6 XS 44 GET NAMESPACE ATTRIBUTE
6 XS 45 SET NAMESPACE ATTRIBUTE
6 XS 46 DELETE NAMESPACE ATTRIBUTE
6 XS 47 SET USER PROFILE
6 XS 48 ALL
10 Datapump 1 EXPORT
10 Datapump 2 IMPORT
10 Datapump 3 ALL
7 Database Vault 1 REALM VIOLATION
7 Database Vault 2 REALM SUCCESS
7 Database Vault 3 REALM ACCESS
7 Database Vault 4 RULE SET FAILURE
7 Database Vault 5 RULE SET SUCCESS
7 Database Vault 6 RULE SET EVAL
7 Database Vault 7 FACTOR ERROR
7 Database Vault 8 FACTOR NULL
7 Database Vault 9 FACTOR VALIDATE ERROR
7 Database Vault 10 FACTOR VALIDATE FALSE
7 Database Vault 11 FACTOR TRUST LEVEL NULL
7 Database Vault 12 FACTOR TRUST LEVEL NEG
7 Database Vault 13 FACTOR ALL
11 Direct path API 1 LOAD
11 Direct path API 2 ALL
-对象级别:是动态的。修改后对当前用户和后期用户都会生效。
SQL> create audit policy audit_objpriv_po02 actions execute,grant on hr.raise_salary_proc;
-condition和evaluation:
SQL> create audit policy audit_mixed_po03 actions rename on hr.employees, alter on hr.jobs,when 'SYS_CONTEXT(''USERNAME'',''SESSION_USER'')=''JIM''' evaluate per session;
6.开启审计策略
SQL> audit policy audit_syspriv_po01;#对所有用户都生效
SQL> audit policy audit_po02 by scott,hr;#只对scott,hr用户生效
SQL> audit policy audit_po03 by sys;#只是对sys用户生效
SQL> audit policy audit_po04 except jim,scott;#jim,scott除外
Oracle 12C -- Unified Auditing Policy的更多相关文章
- Oracle 12C -- 删除audit policy
删除之前,必须将policy disable掉:然后再删除 SQL> noaudit policy audit_sysprvi_po01; SQL> drop audit policy a ...
- 使用Unified Auditing Policy审计数据泵导出操作
1.创建审计策略 SQL> alter session set container=pdb1; SQL> create or replace directory dumpdir as '/ ...
- Oracle 12c 新特性 --- 新增对数据泵操作的审计跟踪
版权声明:本文为博主原创文章,未经博主允许不得转载. https://blog.csdn.net/leo__1990/article/details/90199263 概念 Oracle Data P ...
- Red Hat Enterprise Linux7的安装与oracle 12c的安装
Red Hat Enterprise Linux7的安装与oracle 12c的安装 本文档中用到的所有参数均位于文末附录 Red Hat Enterprise Linux7的安装 新建完虚拟机后,挂 ...
- [20180914]oracle 12c 表 full_hash_value如何计算.txt
[20180914]oracle 12c 表 full_hash_value如何计算.txt --//昨天在12c下看表full_hash_value与11g的full_hash_value不同,不过 ...
- Oracle 12C Data Gurad RAC TO RAC
Oracle 12C RAC TO RAC Data Guard on RHEL7 0.环境说明 primary db physical standby 操作系统 rhel7 x86_64 rhe ...
- Oracle 12c 搭建学习
Oracle 12c 搭建学习 Vm workstaton10 安装linux 6.4 安装oracle12c Oracle 12c只支持64位系统 1 环境检查 [root@rac1 ~]# gre ...
- ORACLE 12C新特性——CDB与PDB
Oracle 12C引入了CDB与PDB的新特性,在ORACLE 12C数据库引入的多租用户环境(Multitenant Environment)中,允许一个数据库容器(CDB)承载多个可插拔数据库( ...
- Oracle 12c 使用scott等普通用户的方法
目录: 一.前言 二.使用普通用户 三.自动启动PDB 一.前言 最近电脑上安装了oracle 12c数据库,想体验下新特性.安装完后,便像11g一样在dos窗口进行下面的操作: SQL Produc ...
随机推荐
- 内建DNS服务器--BIND
参考 BIND 官网:http://www.isc.org/downloads/bind/ 1.系统环境说明 [root@clsn6 ~]# cat /etc/redhat-release CentO ...
- SuperMap入门3——Hello World
Hello World程序很重要,对于入门来说,它可以检测我们的环境.配置是否正确,感受程序的易用性等. 添加工具 由于我是使用的VS2017+ SuperMap iObject绿色免安装版,所以新建 ...
- Android中创建option menu
1.首先在res目录下新建一个menu文件夹,右击res目录->New->Directory,输入文件夹名menu,点击OK. 接着在这个文件夹下再新建一个名叫main的菜单文件,右击me ...
- javascript数组操作大全,数组方法总汇
1. shift:删除原数组第一项,并返回删除元素的值:如果数组为空则返回undefined var a = [1,2,3,4,5]; var b = a.shift(); //a:[2,3,4,5] ...
- Linq中的连接(join)
http://www.cnblogs.com/scottckt/archive/2010/08/11/1797716.html Linq中连接主要有组连接.内连接.左外连接.交叉连接四种.各个用法如下 ...
- Ubuntu Server无法安装busybox-initramfs
解决方法很简单,使用英文安装就好,可以参考这个帖子:http://forum.ubuntu.com.cn/viewtopic.php?f=77&t=471547&p=3137632
- Mybatis 自动生成代码,数据库postgresql
最近做了一个项目,使用Mybatis自动生成代码,下面做一下总结,被以后参考: 一.提前准备: 1.工具类:mybatis-generator-core-1.3.2.jar 2.postgresql驱 ...
- MySQL事物系列:3:innodb_flush_log_at_trx_commit小实验
1:创建表和存储过程 mysql> create database trx; Query OK, 1 row affected (0.02 sec) mysql> USE trx Data ...
- sell 项目 商品表 设计 及 创建
1.数据库表之间的关系说明 2.数据库设计 3.创建 商品表 /** * 商品表 */ create table `product_info` ( `product_id` varchar(32) n ...
- 元素高度、宽度获取 style currentStyle getComputedStyle getBoundingClientRect
1.示例代码 (1)html <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> ...