Oracle数据库审计用法实例
本节是从ORACLE METALINK的DOC:167293.1翻译整理而来的。通过举例的方式来说明ORACLE审计的用法。ORACLE的审计可以从语句级、对象
本节是从Oracle METALINK的DOC:167293.1翻译整理而来的。通过举例的方式来说明ORACLE审计的用法。
ORACLE的审计可以从语句级、对象级和权限级几个方面进行。同样的,SYSDBA和SYSOPER用户的行为也可以被审计(从ORACLE 9i Release 2,,9.2.0.1开始,SYS用户可以通过设置AUDIT_SYS_OPERATIONS参数来进行审计)。
1.对象级审计
可以被审计的对象包括表、视图、序列发生器、包、存储过程等。由于对象的依赖性问题,可能同一件事情可能会产生多条审计信息。比如说某个函数关联到某个视图,某个视图关联到某个表。
对象级审计只能针对整个数据库的用户而不能对于某个用户进行审计。要查看对象级审计具有哪些审计选项,可以查询ALL_DEF_AUDIT_OPTS视图。
SQL> connect system/manager
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRAINDINS LOC REN SEL UPD REF EXE
--- --- --- --- --- --- --- --- --- --- --- --- ---
-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-
下面的例子是对SCOTT.EMP进行审计:
SQL> connect system/manager
SQL> audit select on SCOTT.emp by session;
查看审计信息是否被记录了:
SQL> col owner format a7
SQL> col object_name format a7
SQL>select * from dba_obj_audit_opts
where wner='SCOTT' and OBJECT_NAME='EMP';
OWNEROBJECT_ OBJECT_TY ALT AUD COM DEL GRAINDINS LOC REN SEL UPD REF EXE
----- ----- --------- --- --- --- --- --- --- --- --- --- --- --- --- ---
SCOTTEMPTABLE-/- -/- -/- -/- -/- -/- -/- -/- -/- S/S -/- -/- -/-
以下的语句可以生成一些审计信息:
SQL> connect scott/tiger
SQL> select * from emp;
SQL> connect TEST/TEST
SQL> select * from scott.emp;
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> connect system/manager
SQL> select * from scott.emp;
审计结果
SQL> connect system/manager
SQL> col username format a8
SQL> col priv_used format 999
SQL> /
SQL>select username, priv_used, ses_actions from
dba_audit_object
where obj_name='EMP' and wner='SCOTT';
结果
USERNAMEPRIV_USEDSES_ACTIONS
------------------------------ ---------- -------------------
SCOTT---------S------
TEST
SYSTEMSELECT ANY ---------S------
2.从权限级进行审计
所有的系统权限都可以进行审计。从SYSTEM_PRIVILEGE_MAP中可查询到所有的系统权限。如果你要对一个不属于该视图中的权限进行审计,会出现错误:
SQL> audit drop snapshot by access;
audit drop snapshot by access
*
ERROR at line 1:
ORA-00956: missing or invalid auditing option
SQL> connect system/manager
SQL> select * from system_privilege_map;
PRIVILEGE NAME
---------- ----------------------------------------
-3 ALTER SYSTEM
-4 AUDIT SYSTEM
-5 CREATE SESSION
-6 ALTER SESSION
-7 RESTRICTED SESSION
-10 CREATE TABLESPACE
-11 ALTER TABLESPACE
-12 MANAGE TABLESPACE
-13 DROP TABLESPACE
.....
-167 GRANT ANY PRIVILEGE
-172 CREATE SNAPSHOT
-173 CREATE ANY SNAPSHOT
-174 ALTER ANY SNAPSHOT
-175 DROP ANY SNAPSHOT
-194 WRITEDOWN DBLOW
-195 READUP DBHIGH
-196 WRITEUP DBHIGH
-197 WRITEDOWN
-198 READUP
-199 WRITEUP
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to check which table space a table belongs to in Oracle
Jul 06, 2023 pm 01:31 PM
How to check which table space a table belongs to in Oracle: 1. Use the "SELECT" statement and specify the table name to find the table space to which the specified table belongs; 2. Use the database management tools provided by Oracle to check the table space to which the table belongs. Tools usually provide a graphical interface, making the operation more intuitive and convenient; 3. In SQL*Plus, you can view the table space to which the table belongs by entering the "DESCRIBEyour_table_name;" command.
How to connect to Oracle database using PDO
Jul 28, 2023 pm 12:48 PM
Overview of how to use PDO to connect to Oracle database: PDO (PHPDataObjects) is an extension library for operating databases in PHP. It provides a unified API to access multiple types of databases. In this article, we will discuss how to use PDO to connect to an Oracle database and perform some common database operations. Step: Install the Oracle database driver extension. Before using PDO to connect to the Oracle database, we need to install the corresponding Oracle
How to retrieve only one piece of duplicate data in oracle
Jul 06, 2023 am 11:45 AM
Steps for Oracle to fetch only one piece of duplicate data: 1. Use the SELECT statement combined with the GROUP BY and HAVING clauses to find duplicate data; 2. Use ROWID to delete duplicate data to ensure that accurate duplicate data records are deleted, or use "ROW_NUMBER" ()" function to delete duplicate data, which will delete all records except the first record in each set of duplicate data; 3. Use the "select count(*) from" statement to return the number of deleted records to ensure the result.
Implement data import into PHP and Oracle databases
Jul 12, 2023 pm 06:46 PM
Implementing data import into PHP and Oracle databases In web development, using PHP as a server-side scripting language can conveniently operate the database. As a common relational database management system, Oracle database has powerful data storage and processing capabilities. This article will introduce how to use PHP to import data into an Oracle database and give corresponding code examples. First, we need to ensure that PHP and Oracle database have been installed, and that PHP has been configured to
Does oracle database require jdk?
Jun 05, 2023 pm 05:06 PM
The oracle database requires jdk. The reasons are: 1. When using specific software or functions, other software or libraries included in the JDK are required; 2. Java JDK needs to be installed to run Java programs in the Oracle database; 3. JDK provides Develop and compile Java application functions; 4. Meet Oracle's requirements for Java functions to help implement and implement specific functions.
How to use PHP and Oracle database connection pools efficiently
Jul 12, 2023 am 10:07 AM
How to efficiently use connection pooling in PHP and Oracle databases Introduction: When developing PHP applications, using a database is an essential part. When interacting with Oracle databases, the use of connection pools is crucial to improving application performance and efficiency. This article will introduce how to use Oracle database connection pool efficiently in PHP and provide corresponding code examples. 1. The concept and advantages of connection pooling Connection pooling is a technology for managing database connections. It creates a batch of connections in advance and maintains a
How to use php to extend PDO to connect to Oracle database
Jul 29, 2023 pm 07:21 PM
How to use PHP to extend PDO to connect to Oracle database Introduction: PHP is a very popular server-side programming language, and Oracle is a commonly used relational database management system. This article will introduce how to use PHP extension PDO (PHPDataObjects) to connect to Oracle database. 1. Install the PDO_OCI extension. To connect to the Oracle database, you first need to install the PDO_OCI extension. Here are the steps to install the PDO_OCI extension: Make sure
How oracle determines whether a table exists in a stored procedure
Jul 06, 2023 pm 01:20 PM
Oracle's steps to determine whether a table exists in a stored procedure: 1. Use the "user_tables`" system table to query the table information under the current user, compare the incoming table name "p_table_name" with the "table_name" field, and if the conditions are met, then "COUNT(*)" will return a value greater than 0; 2. Use the "SET SERVEROUTPUT ON;" statement and the "EXEC`" keyword to execute the stored procedure and pass in the table name to determine whether the table exists.
