Oracle Auditing - How to audit by user

szadba
szadba used Ask the Experts™
on
Hi:
l've read through information about Oracle auditing and have a question. I would like to audit by user but the issue is that all the users (engineers) log on with the same user name and password. I can see their OS_USERNAME which tells me which engineer is logging in as the schema owner.  We basically need to log any select, insert, update, delete, drop, etc. in a schema and be able to trace it back to a particular person since the application and all the software engineers all have the same USERNAME in the dba_audit_trail table. I have audit_trail = db,extended and we are on Oracle Enterprise 11.2.0.2.    I see that the SQL_TEXT and SQL_BIND aren't populated most of the time either - why is this? The Oracle manual says "The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to db,extended."   so is there something I'm missing?
Thank you for any suggestions.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2009

Commented:
Did you restart the db once you changed audit_trail param value? This is required.

As far as OS user, that should be in OS_USERNAME field of DBA_AUDIT_TRAIL
Top Expert 2009
Commented:
Also, if that still doesn't work, see what is in effect for the that user:

select * from DBA_STMT_AUDIT_OPTS where user_name = 'MSMITH';


It should include SELECT TABLE


If not, try:

  audit select table by <user>;

Author

Commented:
Hi:
I did stop and restart the db - I set it up as db, extended when I first configured Oracle and the server has been restarted many times since.  I tried the auditing by access and just get this in the sql_text when I test changing something as SCOTT in the test schema:
audit all by SCOTT by access  
so I turned that off for now.  I'll try your audit statements
Thanks.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2009

Commented:
AUDIT ALL won't include SELECT ANY TABLE

Author

Commented:
I'm now seeing the SQL_TEXT and SQL_BIND columns populated after I ran
SQL> audit select table, insert table, update table, delete table by SCHEMAOWNER;
It shows as auditing:

SUCCESS    FAILURE
---------- ----------

BY SESSION BY SESSION

Thanks.
Top Expert 2009

Commented:
Great. If you are satisfied, please remember to close the question, thanks!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial