Oracle FGA细粒度审计

最新推荐文章于 2024-01-21 10:04:47 发布

深圳gg

最新推荐文章于 2024-01-21 10:04:47 发布

阅读量2.2k

点赞数 1

分类专栏：数据库

本文链接：https://blog.csdn.net/stevendbaguo/article/details/41643071

版权

数据库专栏收录该内容

125 篇文章 0 订阅

订阅专栏

如果你想要审计表上，在某个时间，哪些人，操作哪些DML语句，用FGA是个不错的选择。

SQL> select * from v$version;
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production

SQL>drop table test purge;

SQL>create table test as select * from dba_objects;

SQL> exec DBMS_FGA.ADD_POLICY(object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1',enable=>TRUE,statement_types=>'UPDATE,delete',audit_trail=>DBMS_FGA.DB+DBMS_FGA.EXTENDED,audit_column_opts=>DBMS_FGA.ANY_COLUMNS);--statement_types可以设置select,insert,delete,update

SQL> col SQL_TEXT format a80
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

SQL> update test set subobject_name=object_id where rownum=1;
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
update test set subobject_name=object_id where rownum=1 01-12月-14

SQL> update test set subobject_name=object_id where rownum<100;--可以看到是按照SQL语句来审计的，不是按照行变动审计
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;
update test set subobject_name=object_id where rownum<100 01-12月-14
update test set subobject_name=object_id where rownum=1 01-12月-14

SQL> delete from sys.fga_log$;
SQL> commit;
SQL> select SQL_TEXT,TIMESTAMP from DBA_FGA_AUDIT_TRAIL order by TIMESTAMP;

查看审计的策略：

select * from dba_audit_policies;

还有让审计失效、激活、删除的方法：

exec DBMS_FGA.DISABLE_POLICY (object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');
exec DBMS_FGA.ENABLE_POLICY (object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');
exec DBMS_FGA.DROP_POLICY(object_schema=>'LCAM_TEST',object_name=>'test',policy_name=>'FGA_1');

官方文档的位置是：

Oracle® Database PL/SQL Packages and Types Reference 11g Release 2 (11.2) DBMS_FGA

Table 66-2 ADD_POLICY Procedure Parameters

Parameter	Description	Default Value
`object_schema`	The schema of the object to be audited. `(If NULL, the current log-on user schema is assumed.)`	`NULL`
`object_name`	The name of the object to be audited.	-
`policy_name`	The unique name of the policy.	-
`audit_condition`	A condition in a row that indicates a monitoring condition. `NULL` is allowed and acts as `TRUE`.	`NULL`
`audit_column`	The columns to be checked for access. These can include OLS hidden columns or object type columns. The default, `NULL`, causes audit if any column is accessed or affected.	`NULL`
`handler_schema`	The schema that contains the event handler. The default, `NULL`, causes the current schema to be used.	`NULL`
`handler_module`	The function name of the event handler; includes the package name if necessary. This function is invoked only after the first row that matches the audit condition in the query is processed. If the procedure fails with an exception, the user SQL statement will fail as well.	`NULL`
`enable`	Enables the policy if TRUE, which is the default.	`TRUE`
`statement_types`	The SQL statement types to which this policy is applicable: `INSERT`, `UPDATE`,`DELETE`, or `SELECT` only.	`SELECT`
`audit_trail`	Destination (DB or XML) of fine grained audit records. Also specifies whether to populate `LSQLTEXT` and `LSQLBIND` in `fga_log$`.	`DB+EXTENDED`
`audit_column_opts`	Establishes whether a statement is audited when the query referencesany column specified in the audit_column parameter or only when allsuch columns are referenced.	`ANY_COLUMNS`

深圳gg

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
Oracle FGA细粒度审计

如果你想要审计表上，在某个时间，哪些人，操作哪些DML语句，用FGA是个不错的选择。SQL> select * from v$version;Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit ProductionPL/SQL Release 11.2.0.1.0 - ProductionCORE ...
复制链接

扫一扫

专栏目录