本帖最后由 aiirii 于 2012-12-21 18:38 编辑
那个说法应该不对,看我如下的测试
SQL> create table scott.test3 as select * from dba_objects;
SQL> desc scott.test3
Name Null? Type
----------------------------------------- -------- ----------------------------
OWNER VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
SUBOBJECT_NAME VARCHAR2(30)
OBJECT_ID NUMBER
DATA_OBJECT_ID NUMBER
OBJECT_TYPE VARCHAR2(19)
CREATED DATE
LAST_DDL_TIME DATE
TIMESTAMP VARCHAR2(19)
STATUS VARCHAR2(7)
TEMPORARY VARCHAR2(1)
GENERATED VARCHAR2(1)
SECONDARY VARCHAR2(1)
SQL> select owner,object_id from scott.test3 where rownum < 15;
OWNER OBJECT_ID
------------------------------ ----------
SYS 20
SYS 44
SYS 28
SYS 15
SYS 29
SYS 3
SYS 25
SYS 39
SYS 51
SYS 26
SYS 17
SYS 13
SYS 9
SYS 41
begin
dbms_fga.add_policy (
object_schema=>'SCOTT',
object_name=>'TEST3',
policy_name=>'PTEST32',
audit_column => 'OWNER,OBJECT_ID',
audit_condition => 'OWNER=''SYS'' and OBJECT_ID < 30',
statement_types => 'SELECT,INSERT, UPDATE',
audit_column_opts => DBMS_FGA.ANY_COLUMNS,
enable => true );
end;
set linesize 500
col policy_text for a30
select object_schema,object_name,policy_name,policy_text,enabled from dba_audit_policies;
conn scott/password
select * from test3 where OBJECT_ID > 20 and rownum < 5
select * from test3 where OBJECT_ID < 30 and owner = 'SYS';
select * from test3 where owner <>'SYS' and rownum < 10;
select * from test3 where owner <>'SYS' and OBJECT_ID < 30;
conn / as sysdba
select DB_USER,statement_type,SQL_TEXT from dba_fga_audit_trail;
DB_USER STATEME SQL_TEXT
------------------------------ ------- ----------------------------------------------------------------------------------------------------
SCOTT SELECT select * from test3 where OBJECT_ID > 20 and rownum < 5
SCOTT SELECT select * from test3 where rownum < 20
SCOTT SELECT select * from test3 where OBJECT_ID < 30 and owner = 'SYS'
begin
dbms_fga.drop_policy(
OBJECT_SCHEMA => 'SCOTT',
OBJECT_NAME => 'TEST3',
POLICY_NAME => 'PTEST32');
end;
/