Hi all,

11.2.0.3

I want to audit all the actions being done by the user "sys" and "system" and all other users with DBA privilege. Especially the action when they delete or truncate the SYS.$AUD table.
I read in the docs that they are audited by default? Is truncating the SYS.$AUD included? Is there a simple command for this?

Thanks a lot

Views: 26

Reply to This

Replies to This Discussion

unwilling or incapable to actually use GOOGLE yourself?

http://www.lmgtfy.com/?q=Oracle+audit+sys+user

The Oracle security guidelines said:

1.1 Log the following events in the audit log
1.1.1 ALTER ANY PROCEDURE
1.1.2 ALTER ANY TABLE
1.1.3 ALTER DATABASE
1.1.4 ALTER PROFILE
1.1.5 AUDIT ROLE BY ACCESS
1.1.6 ALTER SYSTEM
1.1.7 ALTER USER
1.1.8 AUDIT SYSTEM
1.1.9 AUDIT SYSTEM BY ACCESS
1.1.10 CREATE ANY JOB
1.1.11 CREATE ANY LIBRARY
1.1.12 CREATE ANY PROCEDURE
1.1.13 CREATE ANY TABLE
1.1.14 CREATE EXTERNAL JOB
1.1.15 CREATE PUBLIC DATABASE LINK
1.1.16 CREATE SESSION
1.1.17 CREATE USER
1.1.18 DROP ANY PROCEDURE
1.1.19 DROP ANY TABLE
1.1.20 DROP PROFILE
1.1.21 DROP USER
1.1.22 EXEMPT ACCESS POLICY
1.1.23 GRANT ANY OBJECT PRIVILEGE
1.1.24 GRANT ANY PRIVILEGE
1.1.25 GRANT ANY ROLE

Why is that > truncating or deleting of SYS.AUD$ not included?

Thanks

>Why is that > truncating or deleting of SYS.AUD$ not included?


only Oracle can answer this question so submit a Service Request & then please hold your breath for a definitive answer.

Reply to Discussion

RSS

Oracle Jobs in US

© 2024   Created by Maisam Agha.   Powered by

Badges  |  Report an Issue  |  Terms of Service