1. An audit policy is a named group of audit options used to audit database users.
2. Creating an audit policy (create audit policy ...) requires the AUDIT_ADMIN role.
3. Audit policies can be created at the CDB level or the PDB level.
4. A policy only takes effect after it is enabled. Standard (non-policy) auditing is not affected by enable/disable.
5. A policy must be created with system-level or object-level audit options.
- System level:
The PRIVILEGES option audits all events that use the listed system privileges; the ACTIONS option audits the database operations that need auditing, e.g. ALTER TRIGGER; the ROLES option audits the privileges directly granted to a role such as mgr_role.
The PRIVILEGES, ACTIONS and ROLES options can be combined in a single policy. The available system-level audit options are listed in the sys.auditable_system_actions view:
SQL> create audit policy audit_mixed_po01 privileges drop any table roles emp_role;
SQL> select * from sys.auditable_system_actions;
TYPE COMPONENT ACTION NAME
---------- ------------------------------ ---------- ----------------------------------------------------------------
4 Standard 1 CREATE TABLE
4 Standard 2 INSERT
4 Standard 3 SELECT
4 Standard 4 CREATE CLUSTER
4 Standard 5 ALTER CLUSTER
4 Standard 6 UPDATE
4 Standard 7 DELETE
4 Standard 8 DROP CLUSTER
4 Standard 9 CREATE INDEX
4 Standard 10 DROP INDEX
4 Standard 11 ALTER INDEX
4 Standard 12 DROP TABLE
4 Standard 13 CREATE SEQUENCE
4 Standard 14 ALTER SEQUENCE
4 Standard 15 ALTER TABLE
4 Standard 16 DROP SEQUENCE
4 Standard 19 CREATE SYNONYM
4 Standard 20 DROP SYNONYM
4 Standard 21 CREATE VIEW
4 Standard 22 DROP VIEW
4 Standard 23 VALIDATE INDEX
4 Standard 24 CREATE PROCEDURE
4 Standard 25 ALTER PROCEDURE
4 Standard 26 LOCK TABLE
4 Standard 28 RENAME
4 Standard 29 COMMENT
4 Standard 32 CREATE DATABASE LINK
4 Standard 33 DROP DATABASE LINK
4 Standard 35 ALTER DATABASE
4 Standard 36 CREATE ROLLBACK SEGMENT
4 Standard 37 ALTER ROLLBACK SEGMENT
4 Standard 38 DROP ROLLBACK SEGMENT
4 Standard 39 CREATE TABLESPACE
4 Standard 40 ALTER TABLESPACE
4 Standard 41 DROP TABLESPACE
4 Standard 42 ALTER SESSION
4 Standard 43 ALTER USER
4 Standard 44 COMMIT
4 Standard 45 ROLLBACK
4 Standard 46 SAVEPOINT
4 Standard 48 SET TRANSACTION
4 Standard 49 ALTER SYSTEM
4 Standard 50 EXPLAIN
4 Standard 51 CREATE USER
4 Standard 52 CREATE ROLE
4 Standard 53 DROP USER
4 Standard 54 DROP ROLE
4 Standard 55 SET ROLE
4 Standard 56 CREATE SCHEMA
4 Standard 58 ALTER TRACING
4 Standard 59 CREATE TRIGGER
4 Standard 60 ALTER TRIGGER
4 Standard 61 DROP TRIGGER
4 Standard 62 ANALYZE TABLE
4 Standard 63 ANALYZE INDEX
4 Standard 64 ANALYZE CLUSTER
4 Standard 65 CREATE PROFILE
4 Standard 66 DROP PROFILE
4 Standard 67 ALTER PROFILE
4 Standard 68 DROP PROCEDURE
4 Standard 70 ALTER RESOURCE COST
4 Standard 71 CREATE MATERIALIZED VIEW LOG
4 Standard 72 ALTER MATERIALIZED VIEW LOG
4 Standard 73 DROP MATERIALIZED VIEW LOG
4 Standard 74 CREATE MATERIALIZED VIEW
4 Standard 75 ALTER MATERIALIZED VIEW
4 Standard 76 DROP MATERIALIZED VIEW
4 Standard 77 CREATE TYPE
4 Standard 78 DROP TYPE
4 Standard 79 ALTER ROLE
4 Standard 80 ALTER TYPE
4 Standard 81 CREATE TYPE BODY
4 Standard 82 ALTER TYPE BODY
4 Standard 83 DROP TYPE BODY
4 Standard 84 DROP LIBRARY
4 Standard 85 TRUNCATE TABLE
4 Standard 86 TRUNCATE CLUSTER
4 Standard 88 ALTER VIEW
4 Standard 90 SET CONSTRAINTS
4 Standard 91 CREATE FUNCTION
4 Standard 92 ALTER FUNCTION
4 Standard 93 DROP FUNCTION
4 Standard 94 CREATE PACKAGE
4 Standard 95 ALTER PACKAGE
4 Standard 96 DROP PACKAGE
4 Standard 97 CREATE PACKAGE BODY
4 Standard 98 ALTER PACKAGE BODY
4 Standard 99 DROP PACKAGE BODY
4 Standard 157 CREATE DIRECTORY
4 Standard 158 DROP DIRECTORY
4 Standard 159 CREATE LIBRARY
4 Standard 160 CREATE JAVA
4 Standard 161 ALTER JAVA
4 Standard 162 DROP JAVA
4 Standard 163 CREATE OPERATOR
4 Standard 164 CREATE INDEXTYPE
4 Standard 165 DROP INDEXTYPE
4 Standard 166 ALTER INDEXTYPE
4 Standard 167 DROP OPERATOR
4 Standard 168 ASSOCIATE STATISTICS
4 Standard 169 DISASSOCIATE STATISTICS
4 Standard 170 CALL METHOD
4 Standard 171 CREATE SUMMARY
4 Standard 172 ALTER SUMMARY
4 Standard 173 DROP SUMMARY
4 Standard 174 CREATE DIMENSION
4 Standard 175 ALTER DIMENSION
4 Standard 176 DROP DIMENSION
4 Standard 177 CREATE CONTEXT
4 Standard 178 DROP CONTEXT
4 Standard 179 ALTER OUTLINE
4 Standard 180 CREATE OUTLINE
4 Standard 181 DROP OUTLINE
4 Standard 182 UPDATE INDEXES
4 Standard 183 ALTER OPERATOR
4 Standard 184 Do not use 184
4 Standard 185 Do not use 185
4 Standard 186 Do not use 186
4 Standard 187 CREATE SPFILE
4 Standard 188 CREATE PFILE
4 Standard 190 CHANGE PASSWORD
4 Standard 191 UPDATE JOIN INDEX
4 Standard 192 ALTER SYNONYM
4 Standard 193 ALTER DISK GROUP
4 Standard 194 CREATE DISK GROUP
4 Standard 195 DROP DISK GROUP
4 Standard 196 ALTER LIBRARY
4 Standard 197 PURGE USER RECYCLEBIN
4 Standard 198 PURGE DBA RECYCLEBIN
4 Standard 199 PURGE TABLESPACE
4 Standard 200 PURGE TABLE
4 Standard 201 PURGE INDEX
4 Standard 202 UNDROP OBJECT
4 Standard 205 FLASHBACK TABLE
4 Standard 206 CREATE RESTORE POINT
4 Standard 207 DROP RESTORE POINT
4 Standard 212 CREATE EDITION
4 Standard 214 DROP EDITION
4 Standard 215 DROP ASSEMBLY
4 Standard 216 CREATE ASSEMBLY
4 Standard 217 ALTER ASSEMBLY
4 Standard 218 CREATE FLASHBACK ARCHIVE
4 Standard 219 ALTER FLASHBACK ARCHIVE
4 Standard 220 DROP FLASHBACK ARCHIVE
4 Standard 222 CREATE SCHEMA SYNONYM
4 Standard 224 DROP SCHEMA SYNONYM
4 Standard 225 ALTER DATABASE LINK
4 Standard 226 CREATE PLUGGABLE DATABASE
4 Standard 227 ALTER PLUGGABLE DATABASE
4 Standard 228 DROP PLUGGABLE DATABASE
4 Standard 229 CREATE AUDIT POLICY
4 Standard 230 ALTER AUDIT POLICY
4 Standard 231 DROP AUDIT POLICY
4 Standard 238 ADMINISTER KEY MANAGEMENT
4 Standard 239 CREATE MATERIALIZED ZONEMAP
4 Standard 240 ALTER MATERIALIZED ZONEMAP
4 Standard 241 DROP MATERIALIZED ZONEMAP
4 Standard 17 GRANT
4 Standard 18 REVOKE
4 Standard 30 AUDIT
4 Standard 31 NOAUDIT
4 Standard 100 LOGON
4 Standard 101 LOGOFF
4 Standard 47 EXECUTE
4 Standard 189 MERGE
4 Standard 242 ALL
8 Label Security 1 APPLY POLICY
8 Label Security 2 REMOVE POLICY
8 Label Security 3 SET AUTHORIZATION
8 Label Security 4 PRIVILEGED ACTION
8 Label Security 5 ENABLE POLICY
8 Label Security 6 DISABLE POLICY
8 Label Security 7 SUBSCRIBE OID
8 Label Security 8 UNSUBSCRIBE OID
8 Label Security 9 CREATE DATA LABEL
8 Label Security 10 ALTER DATA LABEL
8 Label Security 11 DROP DATA LABEL
8 Label Security 12 CREATE POLICY
8 Label Security 13 ALTER POLICY
8 Label Security 14 DROP POLICY
8 Label Security 15 CREATE LABEL COMPONENTS
8 Label Security 16 ALTER LABEL COMPONENTS
8 Label Security 17 DROP LABEL COMPONENTS
8 Label Security 18 ALL
6 XS 1 CREATE USER
6 XS 2 UPDATE USER
6 XS 3 DELETE USER
6 XS 4 CREATE ROLE
6 XS 5 UPDATE ROLE
6 XS 6 DELETE ROLE
6 XS 7 GRANT ROLE
6 XS 8 REVOKE ROLE
6 XS 9 ADD PROXY
6 XS 10 REMOVE PROXY
6 XS 11 SET USER PASSWORD
6 XS 12 SET USER VERIFIER
6 XS 13 CREATE ROLESET
6 XS 14 UPDATE ROLESET
6 XS 15 DELETE ROLESET
6 XS 16 CREATE SECURITY CLASS
6 XS 17 UPDATE SECURITY CLASS
6 XS 18 DELETE SECURITY CLASS
6 XS 19 CREATE NAMESPACE TEMPLATE
6 XS 20 UPDATE NAMESPACE TEMPLATE
6 XS 21 DELETE NAMESPACE TEMPLATE
6 XS 22 CREATE ACL
6 XS 23 UPDATE ACL
6 XS 24 DELETE ACL
6 XS 25 CREATE DATA SECURITY
6 XS 26 UPDATE DATA SECURITY
6 XS 27 DELETE DATA SECURITY
6 XS 28 ENABLE DATA SECURITY
6 XS 29 DISABLE DATA SECURITY
6 XS 30 ADD GLOBAL CALLBACK
6 XS 31 DELETE GLOBAL CALLBACK
6 XS 32 ENABLE GLOBAL CALLBACK
6 XS 33 ENABLE ROLE
6 XS 34 DISABLE ROLE
6 XS 35 SET COOKIE
6 XS 36 SET INACTIVE TIMEOUT
6 XS 37 CREATE SESSION
6 XS 38 DESTROY SESSION
6 XS 39 SWITCH USER
6 XS 40 ASSIGN USER
6 XS 41 CREATE SESSION NAMESPACE
6 XS 42 DELETE SESSION NAMESPACE
6 XS 43 CREATE NAMESPACE ATTRIBUTE
6 XS 44 GET NAMESPACE ATTRIBUTE
6 XS 45 SET NAMESPACE ATTRIBUTE
6 XS 46 DELETE NAMESPACE ATTRIBUTE
6 XS 47 SET USER PROFILE
6 XS 48 ALL
10 Datapump 1 EXPORT
10 Datapump 2 IMPORT
10 Datapump 3 ALL
7 Database Vault 1 REALM VIOLATION
7 Database Vault 2 REALM SUCCESS
7 Database Vault 3 REALM ACCESS
7 Database Vault 4 RULE SET FAILURE
7 Database Vault 5 RULE SET SUCCESS
7 Database Vault 6 RULE SET EVAL
7 Database Vault 7 FACTOR ERROR
7 Database Vault 8 FACTOR NULL
7 Database Vault 9 FACTOR VALIDATE ERROR
7 Database Vault 10 FACTOR VALIDATE FALSE
7 Database Vault 11 FACTOR TRUST LEVEL NULL
7 Database Vault 12 FACTOR TRUST LEVEL NEG
7 Database Vault 13 FACTOR ALL
11 Direct path API 1 LOAD
11 Direct path API 2 ALL
- Object level: object-level audit options are dynamic; a change takes effect for current users as well as future users.
SQL> create audit policy audit_objpriv_po02 actions execute,grant on hr.raise_salary_proc;
- Condition and evaluation (WHEN ... EVALUATE PER ...); the condition must use the USERENV namespace of SYS_CONTEXT:
SQL> create audit policy audit_mixed_po03 actions rename on hr.employees, alter on hr.jobs when 'SYS_CONTEXT(''USERENV'',''SESSION_USER'')=''JIM''' evaluate per session;
6. Enabling an audit policy
SQL> audit policy audit_syspriv_po01;              -- applies to all users
SQL> audit policy audit_po02 by scott,hr;          -- applies only to scott and hr
SQL> audit policy audit_po03 by sys;               -- applies only to sys
SQL> audit policy audit_po04 except jim,scott;     -- applies to everyone except jim and scott
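The following is an added worked example, not part of the original note, that ties steps 5 and 6 together: one policy that mixes a system privilege, a system action, object actions and a WHEN condition; enabling it with EXCEPT; verifying the definition through AUDIT_UNIFIED_POLICIES and AUDIT_UNIFIED_ENABLED_POLICIES; reading the records from UNIFIED_AUDIT_TRAIL; and disabling and dropping it. The policy name demo_hr_pol, the account batch_user and the assumption that the hr.employees table exists are constructed for this example; the view and column names are the Oracle 12.1 unified auditing ones (the column ENABLED_OPT is renamed ENABLED_OPTION in 12.2 and later).

```sql
-- Added example (not from the original note). Assumes an HR schema with
-- hr.employees, an existing account batch_user, and that the session runs
-- as a user holding the AUDIT_ADMIN role. Names are constructed.

-- 1. Create one policy combining PRIVILEGES, system ACTIONS, object ACTIONS
--    and a WHEN condition. EVALUATE PER SESSION checks the condition once
--    per session (cheaper than PER STATEMENT, but a session whose context
--    changes after logon is not re-evaluated).
CREATE AUDIT POLICY demo_hr_pol
  PRIVILEGES DROP ANY TABLE
  ACTIONS ALTER USER,
          DELETE ON hr.employees,
          UPDATE ON hr.employees
  WHEN 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''HR'''
  EVALUATE PER SESSION;

-- 2. Enable it. BY/EXCEPT filters by user at enable time; the WHEN clause
--    above is evaluated at run time, so both filters apply.
AUDIT POLICY demo_hr_pol EXCEPT batch_user;
-- Variant: record only failed attempts for two named accounts.
-- AUDIT POLICY demo_hr_pol BY scott, hr WHENEVER NOT SUCCESSFUL;

-- 3. Verify the definition (one row per audit option) ...
SELECT policy_name, audit_option, audit_option_type,
       object_schema, object_name, audit_condition, condition_eval_opt
  FROM audit_unified_policies
 WHERE policy_name = 'DEMO_HR_POL';

-- ... and for whom it is enabled (ENABLED_OPT is BY or EXCEPT; on 12.2+
--     the column is ENABLED_OPTION).
SELECT policy_name, enabled_opt, user_name, success, failure
  FROM audit_unified_enabled_policies
 WHERE policy_name = 'DEMO_HR_POL';

-- 4. Read the records the policy produced. With the 12.1 default queued
--    write mode, flush the in-memory queue first so recent rows are visible.
EXEC DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL;

SELECT event_timestamp, dbusername, action_name,
       object_schema, object_name, unified_audit_policies, sql_text
  FROM unified_audit_trail
 WHERE unified_audit_policies LIKE '%DEMO_HR_POL%'
 ORDER BY event_timestamp;

-- 5. Disable before dropping: an enabled policy cannot be dropped, and the
--    NOAUDIT form must mirror the AUDIT form (EXCEPT here).
NOAUDIT POLICY demo_hr_pol EXCEPT batch_user;
DROP AUDIT POLICY demo_hr_pol;
```

The two verification queries are the check a reviewer wants after step 6: the first shows what the policy would record, the second shows whether it is actually enabled and for which users, which is what distinguishes a defined-but-dormant policy from a live one.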