FLASHBACK ARCHIVE ADMINISTER BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
......
[Oracle@rhel6 ~]$ sqlplus scott/tiger
......
sys@TEST>select username,timestamp,priv_used from dba_audit_trail where priv_used is not null;
USERNAME TIMESTAMP PRIV_USED
------------------------------ ------------------- ------------------------------------------------------------------------------------------------------------------------
SCOTT 2017-04-24 23:18:02 CREATE SESSION
3)Schema Object Auditing(对象审计)
审计对SCOTT.EMP表的select操作
sys@TEST>audit select on scott.emp;
Audit succeeded.
sys@TEST>select * from dba_obj_audit_opts;
OWNER OBJECT_NAM OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK
---------- ---------- ------------------------------ ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- ----- -----
SCOTT EMP TABLE -/- -/- -/- -/- -/- -/- -/- -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
scott@TEST>select ename from emp;
ENAME
------------------------------
SMITH
ALLEN
......
sys@TEST>select timestamp,sql_text from dba_audit_trail;
TIMESTAMP SQL_TEXT
------------------- --------------------------------------------------------------------------------
2017-04-24 23:24:28 select ename from emp
AUD$位于SYSTEM表空间,基于Oracle的稳定性及性能考虑,可以将审计相关的表移动到其他表空间。
alter table audit$ move tablespace <tablespace_name>;
alter index i_audit rebuild online tablespace <tablespace_name>;
alter table audit_actions move tablespace <tablespace_name>;
alter index i_audit_actions rebuild online tablespace <tablespace_name>;
官方文档:#CHDJBDHJ