Oracle Auditing - How to audit by user
Hi:
l've read through information about Oracle auditing and have a question. I would like to audit by user but the issue is that all the users (engineers) log on with the same user name and password. I can see their OS_USERNAME which tells me which engineer is logging in as the schema owner. We basically need to log any select, insert, update, delete, drop, etc. in a schema and be able to trace it back to a particular person since the application and all the software engineers all have the same USERNAME in the dba_audit_trail table. I have audit_trail = db,extended and we are on Oracle Enterprise 11.2.0.2. I see that the SQL_TEXT and SQL_BIND aren't populated most of the time either - why is this? The Oracle manual says "The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to db,extended." so is there something I'm missing?
Thank you for any suggestions.
l've read through information about Oracle auditing and have a question. I would like to audit by user but the issue is that all the users (engineers) log on with the same user name and password. I can see their OS_USERNAME which tells me which engineer is logging in as the schema owner. We basically need to log any select, insert, update, delete, drop, etc. in a schema and be able to trace it back to a particular person since the application and all the software engineers all have the same USERNAME in the dba_audit_trail table. I have audit_trail = db,extended and we are on Oracle Enterprise 11.2.0.2. I see that the SQL_TEXT and SQL_BIND aren't populated most of the time either - why is this? The Oracle manual says "The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to db,extended." so is there something I'm missing?
Thank you for any suggestions.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi:
I did stop and restart the db - I set it up as db, extended when I first configured Oracle and the server has been restarted many times since. I tried the auditing by access and just get this in the sql_text when I test changing something as SCOTT in the test schema:
audit all by SCOTT by access
so I turned that off for now. I'll try your audit statements
Thanks.
I did stop and restart the db - I set it up as db, extended when I first configured Oracle and the server has been restarted many times since. I tried the auditing by access and just get this in the sql_text when I test changing something as SCOTT in the test schema:
audit all by SCOTT by access
so I turned that off for now. I'll try your audit statements
Thanks.
AUDIT ALL won't include SELECT ANY TABLE
ASKER
I'm now seeing the SQL_TEXT and SQL_BIND columns populated after I ran
SQL> audit select table, insert table, update table, delete table by SCHEMAOWNER;
It shows as auditing:
SUCCESS FAILURE
---------- ----------
BY SESSION BY SESSION
Thanks.
SQL> audit select table, insert table, update table, delete table by SCHEMAOWNER;
It shows as auditing:
SUCCESS FAILURE
---------- ----------
BY SESSION BY SESSION
Thanks.
Great. If you are satisfied, please remember to close the question, thanks!
As far as OS user, that should be in OS_USERNAME field of DBA_AUDIT_TRAIL