The official PL/SQL Packages documentation explains this fairly clearly; here is a translation.
begin
DBMS_FGA.ADD_POLICY (
object_schema => 'HR',
object_name => 'EMPLOYEES',
policy_name => 'mypolicy1',
audit_condition => 'salary<10500 or manager_id<100',
audit_column => 'salary,manager_id',
handler_schema => NULL,
handler_module => NULL,
enable => TRUE,
statement_types => 'INSERT, UPDATE,SELECT',
audit_trail => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
audit_column_opts => DBMS_FGA.ALL_COLUMNS);
end;
Table of default values:
Where:
audit_trail:
Setting audit_trail to DBMS_FGA.DB sends the audit trail to the SYS.FGA_LOG$ table in the database and omits SQL Text and SQL Bind.
Setting audit_trail to DBMS_FGA.DB + DBMS_FGA.EXTENDED sends the audit trail to the SYS.FGA_LOG$ table in the database and includes SQL Text and SQL Bind.
Setting audit_trail to DBMS_FGA.XML writes the audit trail in XML files sent to the operating system and omits SQL Text and SQL Bind.
Setting audit_trail to DBMS_FGA.XML + DBMS_FGA.EXTENDED writes the audit trail in XML files sent to the operating system and includes SQL Text and SQL Bind.
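To clear the XML audit trail, look up AUDIT_FILE_DEST and delete the files there;
To clear the DB-level audit trail: truncate table sys.fga_log$;
The audit_column_opts parameter specifies which of the following cases is recorded:
1. Record whenever the query touches any of the listed columns (audit_column_opts=dbms_fga.any_columns)
2. Record only when all of the listed columns are touched (audit_column_opts=dbms_fga.all_columns)
Check the policy: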
select object_schema,object_name,policy_name,policy_text,policy_column,enabled,audit_trail,policy_column_options
from dba_audit_policies;
View the audit results:
select timestamp,
db_user,
os_user,
object_schema,
object_name,
sql_text
from dba_fga_audit_trail;
select
db_user,
os_user,
object_schema,
object_name,
sql_text from dba_common_audit_trail;
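The difference between the two audit_column_opts settings described above is easiest to see by running the same queries against two policies side by side. The script below is an added example, not taken from the Oracle documentation or the original post. It assumes the HR sample schema, that mypolicy1 from above already exists, that the traditional FGA trail (SYS.FGA_LOG$) is in use, and that the session has EXECUTE on DBMS_FGA; the policy name demo_any_cols is hypothetical.

```sql
-- Added example: compare ANY_COLUMNS with the page's ALL_COLUMNS policy (mypolicy1).
-- 'demo_any_cols' is a hypothetical policy name used only for this comparison.
begin
  dbms_fga.add_policy(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'demo_any_cols',
    audit_condition   => 'salary<10500 or manager_id<100',
    audit_column      => 'salary,manager_id',
    statement_types   => 'SELECT',
    audit_trail       => dbms_fga.db + dbms_fga.extended,
    audit_column_opts => dbms_fga.any_columns);
end;
/

-- Q1: references salary only.
--     demo_any_cols (ANY_COLUMNS) records it; mypolicy1 (ALL_COLUMNS) does not.
select employee_id, salary
  from hr.employees
 where salary < 10500;

-- Q2: references both audited columns and returns rows matching audit_condition.
--     Both policies record it.
select employee_id, salary, manager_id
  from hr.employees
 where salary < 10500;

-- Q3: references both columns, but no returned row satisfies audit_condition.
--     Neither policy records it.
select employee_id, salary, manager_id
  from hr.employees
 where salary >= 10500 and manager_id >= 100;

-- Compare what each policy captured (one trail row per policy per audited statement).
select policy_name, db_user, timestamp, sql_text
  from dba_fga_audit_trail
 where object_schema = 'HR'
   and object_name   = 'EMPLOYEES'
   and upper(policy_name) in ('MYPOLICY1', 'DEMO_ANY_COLS')
 order by timestamp, policy_name;

-- Remove the comparison policy when done.
begin
  dbms_fga.drop_policy(
    object_schema => 'HR',
    object_name   => 'EMPLOYEES',
    policy_name   => 'demo_any_cols');
end;
/
```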