Unified Auditing:
Oracle Database 12c Release 1 introduces a new auditing feature called Unified Auditing (12.1). Oracle Unified Auditing modifies the database's fundamental auditing capabilities. In earlier versions of Oracle, each component has its own audit trail. With unified auditing, all auditing is compiled into a single repository and view. Due to the fact that all audit data is now in a single location and a single format, there is a double simplification as a result.
This data is made available in a consistent format in the UNIFIED AUDIT TRAIL data dictionary view, which is made possible by the unified audit trail, which is stored in a read-only table in the AUDSYS schema in the SYSAUX tablespace.
DBAs can build audit rules and then assign them to various users using Oracle 12c Unified Auditing, which has the same advantages as giving users varying system capabilities based on their responsibilities.
The unified_audit_trail database will contain all of the audit records. A 12c database comes with 7 audit policies by default.
Oracle 12c Unified Auditing supports:
- Standard database auditing
- SYS operations auditing (AUDIT_SYS_OPERATIONS)
- Fine Grained Audit (FGA)
- Data Pump
- Oracle RMAN
- Oracle Label Security (OLS)
- Database Vault (DV)
- Real Application Security (RAS)
- SQL*Loader Direct Load
Oracle Enterprise Edition includes unified auditing as a standard; a separate license is not needed. Although it is installed by default, it is not entirely enabled. As a way to move from pre-12c auditing, there are two modes of operation.
1. Mixed Mode Auditing:
In 12c, it is enabled by default. It facilitates the use of both traditional and unified auditing techniques. In other words, we can use all the benefits of unified auditing in addition to traditional auditing. We may convert our existing audit configuration to the unified policy and enable pure auditing.
This works well as a bridge to enable a smooth transition to the preferred Unified auditing.
2. Pure Mode or Full Mode Auditing:
After pure auditing is turned on. The traditional auditing techniques are inapplicable.
Enabling Unified Auditing:
1. Validate the auditing status:
SQL> SELECT value FROM v$option WHERE parameter = 'Unified Auditing';
VALUE
----------------------------------------------------------------
FALSE
Here:
TRUE = PURE AUDITING
FALSE = MIXED AUDITING
2. Enable the Unified Auditing:
a. Shutdown the database
SQL> shut immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
b. linking the libraries and changing the permissions
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME
/usr/bin/ar d /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a kzanang.o
/usr/bin/ar cr /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/kzaiang.o
chmod 755 /u01/app/oracle/product/12.2.0/db_1/bin
Output:
[oracle@oracle12c ~]$ cd $ORACLE_HOME/rdbms/lib
[oracle@oracle12c lib]$ make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME
/usr/bin/ar cr /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/kzaiang.o
chmod 755 /u01/app/oracle/product/12.2.0/db_1/bin
- Linking Oracle
rm -f /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/oracle
/u01/app/oracle/product/12.2.0/db_1/bin/orald -o /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/oracle -m64 -z noexecstack -Wl,--disable-new-dtags -L/u01/app/oracle/product/12.2.0/db_1/rdbms/lib/ -L/u01/app/oracle/product/12.2.0/db_1/lib/ -L/u01/app/oracle/product/12.2.0/db_1/lib/stubs/ -Wl,-E /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/opimai.o /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/ssoraed.o /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/ttcsoi.o -Wl,--whole-archive -lperfsrv12 -Wl,--no-whole-archive /u01/app/oracle/product/12.2.0/db_1/lib/nautab.o /u01/app/oracle/product/12.2.0/db_1/lib/naeet.o /u01/app/oracle/product/12.2.0/db_1/lib/naect.o /u01/app/oracle/product/12.2.0/db_1/lib/naedhs.o /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/config.o -ldmext -lserver12 -lodm12 -lofs -lcell12 -lnnet12 -lskgxp12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lclient12 -lvsn12 -lcommon12 -lgeneric12 -lknlopt `if /usr/bin/ar tv /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap12" ; fi` -lskjcx12 -lslax12 -lpls12 -lrt -lplp12 -ldmext -lserver12 -lclient12 -lvsn12 -lcommon12 -lgeneric12 `if [ -f /u01/app/oracle/product/12.2.0/db_1/lib/libavserver12.a ] ; then echo "-lavserver12" ; else echo "-lavstub12"; fi` `if [ -f /u01/app/oracle/product/12.2.0/db_1/lib/libavclient12.a ] ; then echo "-lavclient12" ; fi` -lknlopt -lslax12 -lpls12 -lrt -lplp12 -ljavavm12 -lserver12 -lwwg `cat /u01/app/oracle/product/12.2.0/db_1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 -lnl12 -lngsmshd12 -lnro12 `cat /u01/app/oracle/product/12.2.0/db_1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 -lnl12 -lngsmshd12 -lnnzst12 -lzt12 -lztkg12 -lmm -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lztkg12 `cat /u01/app/oracle/product/12.2.0/db_1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 -lnl12 -lngsmshd12 -lnro12 `cat /u01/app/oracle/product/12.2.0/db_1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 -lnl12 -lngsmshd12 -lnnzst12 -lzt12 -lztkg12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 `if /usr/bin/ar tv /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a | grep "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo12 -lserver12"; fi` -L/u01/app/oracle/product/12.2.0/db_1/ctx/lib/ -lctxc12 -lctx12 -lzx12 -lgx12 -lctx12 -lzx12 -lgx12 -lordimt12 -lclsra12 -ldbcfg12 -lhasgen12 -lskgxn2 -lnnzst12 -lzt12 -lxml12 -lgeneric12 -locr12 -locrb12 -locrutl12 -lhasgen12 -lskgxn2 -lnnzst12 -lzt12 -lxml12 -lgeneric12 -lgeneric12 -lorazip -loraz -llzopro5 -lorabz2 -lipp_z -lipp_bz2 -lippdcemerged -lippsemerged -lippdcmerged -lippsmerged -lippcore -lippcpemerged -lippcpmerged -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lsnls12 -lunls12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lasmclnt12 -lcommon12 -lcore12 -laio -lons -lfthread12 `cat /u01/app/oracle/product/12.2.0/db_1/lib/sysliblist` -Wl,-rpath,/u01/app/oracle/product/12.2.0/db_1/lib -lm `cat /u01/app/oracle/product/12.2.0/db_1/lib/sysliblist` -ldl -lm -L/u01/app/oracle/product/12.2.0/db_1/lib `test -x /usr/bin/hugeedit -a -r /usr/lib64/libhugetlbfs.so && test -r /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/shugetlbfs.o && echo -Wl,-zcommon-page-size=2097152 -Wl,-zmax-page-size=2097152 -lhugetlbfs`
test ! -f /u01/app/oracle/product/12.2.0/db_1/bin/oracle || (\
mv -f /u01/app/oracle/product/12.2.0/db_1/bin/oracle /u01/app/oracle/product/12.2.0/db_1/bin/oracleO &&\
chmod 600 /u01/app/oracle/product/12.2.0/db_1/bin/oracleO )
mv /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/oracle /u01/app/oracle/product/12.2.0/db_1/bin/oracle
chmod 6751 /u01/app/oracle/product/12.2.0/db_1/bin/oracle
[oracle@oracle12c lib]$ /usr/bin/ar d /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a kzanang.o
[oracle@oracle12c lib]$ /usr/bin/ar cr /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/libknlopt.a /u01/app/oracle/product/12.2.0/db_1/rdbms/lib/kzaiang.o
[oracle@oracle12c lib]$ chmod 755 /u01/app/oracle/product/12.2.0/db_1/bin
c. startup the database:
SQL> startup
ORACLE instance started.
Total System Global Area 2466250752 bytes
Fixed Size 8623688 bytes
Variable Size 671091128 bytes
Database Buffers 1778384896 bytes
Redo Buffers 8151040 bytes
Database mounted.
Database opened.
d. Validate the Unified Auditing value:
SQL> SELECT VALUE FROM V$OPTION WHERE PARAMETER='Unified Auditing';
VALUE
----------------------------------------------------------------
TRUE
What are the default policies in Unified Auditing?
SQL> select distinct POLICY_NAME from AUDIT_UNIFIED_POLICIES;
POLICY_NAME
--------------------------------------------------------------------------------
ORA_CIS_RECOMMENDATIONS
ORA_LOGON_FAILURES
ORA_RAS_POLICY_MGMT
ORA_DATABASE_PARAMETER
ORA_ACCOUNT_MGMT
ORA_RAS_SESSION_MGMT
ORA_SECURECONFIG
7 rows selected.
The above policies are the default policies and by default they are not enabled. To check which policies are enabled run the below SQL.
SQL> select distinct policy_name from AUDIT_UNIFIED_ENABLED_POLICIES;
POLICY_NAME
--------------------------------------------------------------------------------
ORA_LOGON_FAILURES
ORA_SECURECONFIG
Let's dig further into each policy now and see which audit policy are included.
SQL> select AUDIT_OPTION from AUDIT_UNIFIED_POLICIES where POLICY_NAME='ORA_SECURECONFIG';
AUDIT_OPTION
----------------------------------------
LOGMINING
TRANSLATE ANY SQL
EXEMPT REDACTION POLICY
PURGE DBA_RECYCLEBIN
ADMINISTER KEY MANAGEMENT
DROP ANY SQL TRANSLATION PROFILE
ALTER ANY SQL TRANSLATION PROFILE
CREATE ANY SQL TRANSLATION PROFILE
CREATE SQL TRANSLATION PROFILE
CREATE EXTERNAL JOB
CREATE ANY JOB
GRANT ANY OBJECT PRIVILEGE
EXEMPT ACCESS POLICY
CREATE ANY LIBRARY
GRANT ANY PRIVILEGE
DROP ANY PROCEDURE
ALTER ANY PROCEDURE
CREATE ANY PROCEDURE
ALTER DATABASE
GRANT ANY ROLE
DROP PUBLIC SYNONYM
CREATE PUBLIC SYNONYM
DROP ANY TABLE
ALTER ANY TABLE
CREATE ANY TABLE
DROP USER
BECOME USER
CREATE USER
AUDIT SYSTEM
ALTER SYSTEM
CREATE DATABASE LINK
DROP DATABASE LINK
ALTER USER
CREATE ROLE
DROP ROLE
SET ROLE
CREATE PROFILE
DROP PROFILE
ALTER PROFILE
ALTER ROLE
CREATE DIRECTORY
DROP DIRECTORY
ALTER DATABASE LINK
CREATE PLUGGABLE DATABASE
ALTER PLUGGABLE DATABASE
DROP PLUGGABLE DATABASE
EXECUTE
EXECUTE
48 rows selected.
Note: Even if no new policy is enabled in the database, the audit action of the above audit options will be recorded in the unified_audit_trail.
To prove the above statement will perform few activities in the database to capture and to validate the audit data from the UNIFIED_AUDIT_TRAIL table.
Create a custom Unified Auditing policies:
SQL> CREATE AUDIT POLICY CREATE_INSERT_POL ACTIONS CREATE TABLE,INSERT ON FEROZ.CARD_DETAILS,SELECT on FEROZ.CARD_DETAILS;
Audit policy created.
Validate the policy details:
SQL> set lines 299
col POLICY_NAME for a23
col AUDIT_OPTION for a12
col AUDIT_CONDITION for a12
col OBJECT_SCHEMA for a23
col OBJECT_NAME for a14
select POLICY_NAME,audit_option,AUDIT_CONDITION,OBJECT_SCHEMA,OBJECT_NAME
FROM AUDIT_UNIFIED_POLICIES
where POLICY_NAME='CREATE_INSERT_POL';SQL> SQL> SQL> SQL> SQL> SQL> 2 3
POLICY_NAME AUDIT_OPTION AUDIT_CONDIT OBJECT_SCHEMA OBJECT_NAME
----------------------- ------------ ------------ ----------------------- --------------
CREATE_INSERT_POL CREATE TABLE NONE NONE NONE
CREATE_INSERT_POL INSERT NONE FEROZ CARD_DETAILS
CREATE_INSERT_POL SELECT NONE FEROZ CARD_DETAILS
Validate the policy is enable?
SQL> select distinct policy_name from AUDIT_UNIFIED_ENABLED_POLICIES where policy_name='CREATE_INSERT_POL';
no rows selected
Note: Unless we enabled the custom policies we can't capture the actions in the audit table.
Now, enable the policy:
SQL> audit policy CREATE_INSERT_POL;
Audit succeeded.
Test it by creating a table and inserting the record into a table
SQL> conn feroz/feroz
Connected.
SQL> create table test123 (testid number(5));
Table created.
SQL> insert into CARD_DETAILS values(106,'firdous',987654321);
1 row created.
SQL> commit;
Commit complete.
Validate the audit records:
SQL> conn / as sysdba
Connected.
SQL> set lines 200 pages 200
col SQL_TEXT for a30
col action_name for a20
col UNIFIED_AUDIT_POLICIES for a25
select action_name,SQL_TEXT,UNIFIED_AUDIT_POLICIES ,EVENT_TIMESTAMP
from unified_AUDIT_trail
where DBUSERNAME='FEROZ'
and EVENT_TIMESTAMP > sysdate -1/24;SQL> SQL> SQL> SQL> 2 3 4
ACTION_NAME SQL_TEXT UNIFIED_AUDIT_POLICIES EVENT_TIMESTAMP
-------------------- ------------------------------ ------------------------- ---------------------------------------------------------------------------
CREATE TABLE create table test123 (testid n CREATE_INSERT_POL 01-SEP-22 05.14.41.542620 PM
umber(5))
SELECT select * from CARD_DETAILS 01-SEP-22 05.16.43.365709 PM
SELECT select * from CARD_DETAILS 01-SEP-22 05.16.43.372337 PM
SELECT select * from CARD_DETAILS 01-SEP-22 05.16.43.401336 PM
SELECT select * from CARD_DETAILS CREATE_INSERT_POL 01-SEP-22 05.16.43.402468 PM
INSERT insert into CARD_DETAILS value CREATE_INSERT_POL 01-SEP-22 05.17.14.301385 PM
s(105,'firdous',987654321)
INSERT insert into CARD_DETAILS value 01-SEP-22 05.17.25.864042 PM
s(106,'firdous',987654321)
INSERT insert into CARD_DETAILS value 01-SEP-22 05.17.25.865805 PM
s(106,'firdous',987654321)
INSERT insert into CARD_DETAILS value CREATE_INSERT_POL 01-SEP-22 05.17.25.866900 PM
s(106,'firdous',987654321)
9 rows selected.
Regarding Sys Auditing:
- Sys audit records will be written to both the OS level and the unified_trail in the case of mix auditing if the audit action policy is enabled.
- With Mixed Auditing, If the initialization parameter AUDIT_SYS_OPERATIONS is set to TRUE, these records are written only to the traditional audit trails. However, these unified audit records are also written to the unified audit trail when unified audit policies are enabled for administrative users.
- With Pure Unified Auditing, the audit records only writes to the UNIFIED_AUDIT_TRAIL table.
Maintenance Task:
- Disabling audit policies
- Enabling audit policies
- Dropping audit policies
- Purging audit trail table
Disable:
SQL> NOAUDIT POLICY CREATE_INSERT_POL;
Noaudit succeeded.
Enable:
SQL> AUDIT POLICY CREATE_INSERT_POL;
Audit succeeded.
Drop:
You must disable it before you drop it.
SQL> DROP AUDIT POLICY CREATE_INSERT_POL;
DROP AUDIT POLICY CREATE_INSERT_POL
*
ERROR at line 1:
ORA-46361: Audit policy cannot be dropped as it is currently enabled.
SQL> NOAUDIT POLICY CREATE_INSERT_POL;
Noaudit succeeded.
SQL> DROP AUDIT POLICY CREATE_INSERT_POL;
Audit Policy dropped.
Purge Audit trail:
SQL> exec DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP (AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, LAST_ARCHIVE_TIME => sysdate-15);
PL/SQL procedure successfully completed.
Audit Top-Level Statements:
A single call to a procedure may result in a significant number of auditable activities when we use PL/SQL APIs. We can audit just top-level statements in order to minimize the audit trail's number of entries. In the instance of a PL/SQL API, we would audit only the call to the procedure rather than each and every step that the process takes when it is executed.
I'll create a user and a few tables to demonstrate how auditing functions:
1. Create a user and grant permissions:
SQL> CREATE USER AUDTEST IDENTIFIED BY AUDTEST DEFAULT TABLESPACE fin_tbs1 TEMPORARY TABLESPACE TEMP QUOTA UNLIMITED ON fin_tbs1;
User created.
SQL> grant connect, resource to AUDTEST;
Grant succeeded.
SQL> grant select_catalog_role to AUDTEST;
Grant succeeded.
2. Create a table and a procedure:
SQL> create table audtest.tab1 (id number);
Table created.
SQL> create or replace procedure audtest.insert_tab1 (t_id in number)
as
begin
insert into tab1 values (t_id);
end;
/ 2 3 4 5 6
Procedure created.
3. I will create two unified audit policies. For the AUDTEST user, they both audit all actions, but the second policy adds the ONLY TOPLEVEL clause.
SQL> create audit policy audtest_pol
actions all
when q'~ sys_context('userenv', 'session_user') = 'AUDTEST' ~'
evaluate per session; 2 3 4
Audit policy created.
SQL> create audit policy audtest_toplevel_pol
actions all
when q'~ sys_context('userenv', 'session_user') = 'AUDTEST' ~'
evaluate per session
only toplevel; 2 3 4 5
Audit policy created.
Testing Audit policies:
Firstly, I will enable normal unified audit policy.
SQL> audit policy audtest_pol;
Audit succeeded.
We now connect to the user and insert the data into the table to validate the auditing records.
[oracle@oracle12c ~]$ sqlplus /nolog
SQL*Plus: Release 19.0.0.0.0 - Production on Wed Aug 31 17:36:52 2022
Version 19.3.0.0.0
Copyright (c) 1982, 2019, Oracle. All rights reserved.
SQL> conn AUDTEST/AUDTEST@//localhost:1522/PDB19_1
Connected.
SQL> exec insert_tab1(100);
PL/SQL procedure successfully completed.
SQL> commit;
Commit complete.
Query the unified audit table:
SQL> conn sys/oracle@//localhost:1522/PDB19_1 as sysdba
Connected.
SQL> set linesize 200
column event_timestamp format a30
column action_name format a13
column object_schema format a15
column object_name format a25
select event_timestamp,
action_name,
object_schema,
object_name
from unified_audit_trail
where dbusername = 'AUDTEST'
order by event_timestamp;SQL> SQL> SQL> SQL> SQL> SQL> 2 3 4 5 6 7
EVENT_TIMESTAMP ACTION_NAME OBJECT_SCHEMA OBJECT_NAME
------------------------------ ------------- --------------- -------------------------
31-AUG-22 05.35.54.281765 PM LOGON
31-AUG-22 05.35.54.289805 PM ALTER SESSION
31-AUG-22 05.35.54.304413 PM SELECT SYS DUAL
31-AUG-22 05.35.54.455682 PM EXECUTE
31-AUG-22 05.35.54.465913 PM COMMIT
31-AUG-22 05.35.54.469522 PM COMMIT
31-AUG-22 05.36.39.976884 PM LOGOFF
31-AUG-22 05.37.00.226681 PM LOGON
31-AUG-22 05.37.00.230082 PM ALTER SESSION
31-AUG-22 05.37.00.235318 PM SELECT SYS DUAL
31-AUG-22 05.37.00.237770 PM EXECUTE
EVENT_TIMESTAMP ACTION_NAME OBJECT_SCHEMA OBJECT_NAME
------------------------------ ------------- --------------- -------------------------
31-AUG-22 05.37.00.240073 PM COMMIT
31-AUG-22 05.37.00.241097 PM COMMIT
31-AUG-22 05.37.09.483674 PM INSERT AUDTEST TAB1
31-AUG-22 05.37.09.487721 PM EXECUTE
31-AUG-22 05.37.12.284452 PM COMMIT
31-AUG-22 05.39.18.113872 PM LOGOFF
17 rows selected.
Now, I will disable the unified auditing and enable the auditing for Top-level policy.
SQL> noaudit policy audtest_pol;
Noaudit succeeded.
SQL> audit policy audtest_toplevel_pol;
Audit succeeded.
I shall clean up the audit records before adding them in order to capture the Top-level auditing data again.
SQL> exec dbms_audit_mgmt.clean_audit_trail(dbms_audit_mgmt.audit_trail_unified,false);
PL/SQL procedure successfully completed.
SQL> set linesize 200
column event_timestamp format a30
column action_name format a13
column object_schema format a15
column object_name format a25
select event_timestamp,
action_name,
object_schema,
object_name
from unified_audit_trail
where dbusername = 'AUDTEST'
order by event_timestamp;SQL> SQL> SQL> SQL> SQL> SQL> 2 3 4 5 6 7
no rows selected
I will insert the data into the table to capture the Top-level statements by connecting the user.
The UNIFIED AUDIT TRAIL View now includes the EVENT TIMESTAMP UTC column.
The UNIFIED AUDIT TRAIL view now has the EVENT TIMESTAMP UTC column. Wherever possible, queries against the UNIFIED AUDIT TRAIL view should include the EVENT TIMESTAMP UTC column in the WHERE clause because it will enable partition pruning, which will improve performance.
FGA (FINE_GRAINED_AUDITING):
We can audit users who access data that meets a specific set of criteria thanks to fine-grain auditing (FGA). We can audit select, insert, update, and delete activities in accordance with standard auditing. It is very impossible to get around these policies; however, one great feature is that we can attach handlers (like triggers) to the policies which can execute procedures. We utilize the package DBMS_FGA to add, remove, activate, and disable FGA auditing policies.
Here are some straightforward examples of the several options that can be used with the DBMS_FGA package:
Comments
Post a Comment