| CUSTOMIZED AUDITING [message #201084] |
Thu, 02 November 2006 08:10 |
suvv
Messages: 17
Registered: October 2006
|
Junior Member |
|
|
We are looking at solution alternatives for a 'customized auditing'requirement, whereby we with to log GRANT/REVOKE statements made. In addition to the columns that out-of-box Oracle auditing would provide through SYS.AUD$, and its associated views (eg: DBA_AUDIT_TRAIL), we wish to record 2 additional 'custom' attributes - (1) TicketID and(2) BusinessReason for making the privilege change. Our front-end
interface that issues the GRANTS and REVOKES provides for collecting the custom attribute values, which we currently 'store' by setting public property values in a package.Our initial idea was to write an After Insert trigger on SYS.AUD$, but ORA-04089 disallows this, and for good reason !!
We're now considering writing 'AFTER GRANT ON DATABASE' and 'AFTER REVOKE ON DATABASE' database event triggers. This certainly can be done. If possible, in addition to our TicketID and BusinessReason custom attributes, we'd like to record whatever columns are needed to allow for 'linking to' the associated SYS.AUD$ row that is written if appopriate Oracle auditing is turned on. In this way, we would have access to the detailed attributes captured in SYS.AUD$.
There are 2 fundamental questions:
1. Would the associated SYS.AUD$ rows be in the table at the time our database event triggers are being performed ?
2. What set of columns from SYS.AUD$ would support the 'linking' capability ?
Thank-you,
|
|
|
|
] 
Blog
Search
Help
Members
Register
Login
Home
