Auditing Database Access

转自:http://www.dbspecialists.com/december-2003.html

Ask DB Specialists: Auditing Database Access

We've been testing the AUDIT feature on our Oracle 8.1.7 instance. We entered AUDIT ALL, AUDIT INSERT TABLE BY username, AUDIT UPDATE TABLE BY username, AUDIT DELETE TABLE BY username, and a number of other statements not included in the "ALL" designation.

Logging on as "username", we then ran a number of SQL statements against the database via SQL*Plus. An entry for most of them shows up in SYS.AUD$ for each test we ran, but out of the nine tests ran over three days, only one entry for INSERT, UPDATE, and DELETE can be found. We have spool files of the SQL statements run to verify that the statements did actually execute. What could be the problem?

Terry Sutton of the Database Specialists team responds: When you establish auditing of statements for a user using AUDIT INSERT TABLE BY username, etc., the default of "BY SESSION" auditing is used. This means that in the AUD$ table (or DBA_AUDIT_TRAIL view), one row appears for each table on which an audited action is performed in each of the user's sessions. If 1000 inserts and 70 deletes are performed on a table in one session, only one row will appear in the DBA_AUDIT_TRAIL view.

If you query DBA_AUDIT_TRAIL like this:

 

SELECT obj_name, sessionid, username, ses_actions, timestamp
FROM   dba_audit_trail;you'll get a result like (columns have been shortened for readability):

OBJ_NAME  SESSIONID USERNAME SES_ACTIONS         TIMESTAMP
-------- ---------- -------- ------------------- ------------------
EMP          328523 TSUTTON  ---S--S---S-----    04-NOV-03 14:28:12
DEPT         328523 TSUTTON  ------S---------    04-NOV-03 14:28:17
DEPT         328549 TSUTTON  ---S------------    04-NOV-03 15:28:41
DEPT         328551 TSUTTON  ------S---B-----    04-NOV-03 15:30:49
EMP          328551 TSUTTON  ------S---------    04-NOV-03 15:32:22
DEPT         328552 TSUTTON  ----------F-----    04-NOV-03 15:35:02
EMP          328552 TSUTTON  ------S---------    04-NOV-03 15:39:44
The TIMESTAMP column indicates the time of the first audited action within the session. The SES_ACTIONS column is a session summary—a string of 16 characters, one for each action type in the order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX, INSERT, LOCK, RENAME, SELECT, UPDATE, REFERENCES, EXECUTE, READ. (Positions 15, and 16 are reserved for future use). The characters are: - for none, S for success, F for failure, and B for both.

So we can see that the first session performed delete(s), insert(s), and update(s) on the EMP table and insert(s) on the DEPT table. The fourth session (328552) failed trying to update the DEPT table (eleventh character of the string is 'F'). The third session (328551) had both successes and failures while performing updates (eleventh character of the string is 'B'). There is no way of knowing if there were one or one million of any of these actions.

If you want more detail on the user actions, then you can use the "BY ACCESS" auditing option, as in AUDIT INSERT TABLE BY username BY ACCESS.

If you query DBA_AUDIT_TRAIL like this:

 

SELECT action_name, obj_name, username, timestamp
FROM   dba_audit_trail;
you'll get a result like:

ACTION_NAME  OBJ_NAME    SESSIONID USERNAME  TIMESTAMP
------------ ---------   --------- ----------------------------
SESSION REC  EMP         328523    TSUTTON   04-NOV-03 14:28:12
SESSION REC  DEPT        328523    TSUTTON   04-NOV-03 14:28:17
SESSION REC  DEPT        328549    TSUTTON   04-NOV-03 15:28:41
SESSION REC  DEPT        328551    TSUTTON   04-NOV-03 15:30:49
SESSION REC  EMP         328551    TSUTTON   04-NOV-03 15:32:22
SESSION REC  DEPT        328552    TSUTTON   04-NOV-03 15:35:02
SESSION REC  EMP         328552    TSUTTON   04-NOV-03 15:39:44
INSERT       PRODUCT     328561    BWILLIAMS 04-NOV-03 15:47:53
DELETE       PRODUCT     328561    BWILLIAMS 04-NOV-03 15:48:16
INSERT       PRODUCT     328587    BWILLIAMS 04-NOV-03 16:50:31
INSERT       PRODUCT     328587    BWILLIAMS 04-NOV-03 16:50:37
INSERT       PRODUCT     328587    BWILLIAMS 04-NOV-03 16:51:56
The user TSUTTON had auditing set up BY SESSION and we see that the ACTION_NAME appears as 'SESSION REC' in each case, which shows that auditing is being done at the session level. The user BWILLIAMS had auditing set at the access level, and here we see a listing of every insert and delete, along with the timestamp of the action, even though several inserts were performed on the same table in the same session.

You can see that you get much more detail with BY ACCESS auditing. But, of course, there is a price to pay. Every audited action adds a row to the AUD$ table (which DBA_AUDIT_TRAIL is a view of), and this table will get huge if there is a lot of audited activity. So, it will need to be watched and probably pruned occasionally.

 

时间: 2024-11-25 17:37:02

Auditing Database Access的相关文章

什么是DAO Database Access Object_应用技巧

DAO(Database Access Object)使用Microsoft Jet数据库引擎来访问数据库. Microsoft Jet为象Access和Visual Basic这样的产品提供了数据引擎. 与ODBC一样,DAO提供了一组API供编程使用.MFC也提供了一组DAO类,封装了 底层的API,从而大大简化了程序的开发.利用MFC的DAO类,用户可以编写独立于 DBMS的应用程序. DAO是从Visual C++4.0版开始引入的.一般地讲,DAO类提供了比ODBC类更广 泛的支持.一

oracle database access object

access|object|oracle  Calling example:<? $conn = OCILogon("www_cec", "webchn99", "unicorn");#or you can just inclued file like "include("modcec_OCI_conn.php3");" $newOda= new ODA($conn);################

microsoft access-找不到Microsoft Access()ODBCD驱动程序的安装历程。请重新安装驱动程序

问题描述 找不到Microsoft Access()ODBCD驱动程序的安装历程.请重新安装驱动程序 我的情况如图,找不到ACCESS选项.目前我已查到这是由于32位的office和64位的WIN7系统体系结构不一致照成的.1,我安装了这个还是没用DataBase Access Engin2打开C:WindowsSysWOW64里面有个odbcad32.exe还是不管用.

PHP中通过ADO调用Access数据库

access|ado|数据|数据库 我看了那篇<怎样在PHP中通过ADO调用Asscess数据库和COM程序>文章后,马上作了测试,结果失败了.伤心是不是. 怎么办?我只好去PHP官方网站求助,皇天不负有心人,终于我找到了答案-- 具体的解决方法如下: (1)进入http://php.weblogs.com/adodb,下载相应的ZIP包:同MICROSOFT公司的ADO一样,该东东用PHP实现ADO同各种各样数据库打交道(太好了,所有类型的数据库都能处理). (2)解包,里面文件很多,不过有

ACCESS数据库访问组件(二)

access|访问|数据|数据库 ACCESS数据库访问组件(二)ACCESS_Table.cs using System; namespace XLang.VideoOnline.Framework.Database.Access{ /// <summary> /// Summary description for ACCESS_DataTable. /// </summary> public class DataTable:System.Data.DataTable { pri

Tutorial for migrating data from MS Access to MySQL(英文的哦,要有思想准备)

access|mysql Tutorial for migrating data from MS Access to MySQL One of the main reasons I started FreeSQL.org is to open up newbie users to the wide world of enterprise-level database access. One of the most common questions I'm asked is "how do I u

ACCESS数据库访问组件(一)

access|访问|数据|数据库 ACCESS数据库访问组件(一)ACCESS_Database.cs using System;using System.Data;using System.Data.OleDb;using System.Collections; namespace XLang.VideoOnline.Framework.Database.Access{ /// <summary> /// XLang.VideoOnline.Framework.Database is des

ACCESS数据库访问组件(三)

access|访问|数据|数据库 using System;using System.Data;using System.Data.OleDb;using System.Collections; namespace XLang.VideoOnline.Framework.Database.Access{ /// <summary> /// Summary description for ACCESS_DataTablesCollection. /// </summary> publ

ACCESS数据库访问组件(四)

access|访问|数据|数据库 using System;using System.Data;using System.Data.OleDb;using System.Collections; namespace XLang.VideoOnline.Framework.Database.Access{ /// <summary> /// Summary description for ACCESS_DataViewsCollection. /// </summary> publi