Oracle - Audit Trail - oracle

Does Oracle have Audit Trail as an inbuilt functionality?
Do I need to create a separate table for Audit Log purposes to capture INSERT, UPDATE and DELETE changes?

Yes, Oracle does support auditing. You won't need to create the audit tables yourself, but you will need to configure the audit settings (i.e. which tables/users/queries to audit).
http://download.oracle.com/docs/cd/B28359_01/server.111/b28318/security.htm#i16445

Related

Capturing insert, update and delete events for Oracle DB in Azure

We have an Oracle database installed in an Azure Virtual Machine sitting in its own private VNET. We would like to capture the insert, update, delete events happening on the Oracle DB records and feed these events to some kind of queue (Service Bus Queue, Event Grid, Event Hub etc.) which can then be processed by the Azure Function or Azure Logic App.
What will be the best way to capture these events in Azure?
I don't know about the details of Azure, but I would start in the Oracle Database itself by either using the built-in auditing features or custom triggers if you need more control over what must be audited.
If you use the built-in auditing, you will then just select from the auditing views, and when using a trigger you will log all the needed auditing information in the trigger and then select from the custom audit tables.
Example for auditing:
create audit policy my_audit_policy actions all on hr.regions;
audit policy my_audit_policy;
Example for trigger:
create trigger aud_regions_trigger
after insert or delete or update
on hr.regions
for each row
begin
  -- log data in tables
  null; -- placeholder statement so the block compiles
end;
/
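A filled-in version of the trigger approach from the answer above, as an added example that is not part of the original post. The audit table `hr.regions_audit` and its column names are hypothetical; `region_id` and `region_name` are the columns of the HR sample schema's `regions` table, and the identity column assumes Oracle 12c or later.

```sql
-- Added example. hr.regions_audit and its columns are hypothetical names.
create table hr.regions_audit (
  audit_id    number generated always as identity primary key,
  action      varchar2(6)   not null,
  changed_by  varchar2(128) not null,
  os_user     varchar2(128),
  client_host varchar2(256),
  changed_at  timestamp with time zone default systimestamp not null,
  region_id   number,
  old_name    varchar2(25),
  new_name    varchar2(25)
);

create or replace trigger hr.aud_regions_trigger
after insert or update or delete
on hr.regions
for each row
declare
  v_action varchar2(6);
begin
  -- The conditional predicates tell us which DML statement fired the trigger.
  v_action := case
                when inserting then 'INSERT'
                when updating  then 'UPDATE'
                else 'DELETE'
              end;

  -- :old is null on INSERT and :new is null on DELETE, hence the coalesce.
  insert into hr.regions_audit
    (action, changed_by, os_user, client_host, region_id, old_name, new_name)
  values
    (v_action,
     sys_context('USERENV', 'SESSION_USER'),
     sys_context('USERENV', 'OS_USER'),
     sys_context('USERENV', 'HOST'),
     coalesce(:new.region_id, :old.region_id),
     :old.region_name,
     :new.region_name);
end;
/

-- Read back the captured changes, oldest first.
select audit_id, action, changed_by, changed_at, region_id, old_name, new_name
from   hr.regions_audit
order  by changed_at, audit_id;
```

The audit row commits or rolls back together with the change it records. Any account that can alter the trigger or write to `hr.regions_audit` can suppress or modify records, so keep privileges on both away from the application account.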

How can I find out who deleted a particular database user from an Oracle database, and when

I am trying to investigate some database users that used to exist in the system. I am interested in who deleted the database user from the Oracle database, and when. Does Oracle have any table or way to track deleted users?
You can check the DBA_AUDIT_TRAIL or UNIFIED_AUDIT_TRAIL views for records, but if you didn't already have it enabled the audit trail won't have captured what happened and there's no way to find out.
Going forward, if you need to enable it here's a couple of posts on auditing and basic configurations. The first, from my blog, has a quick script for basic audits including account creation and deletion using Unified Auditing:
https://pmdba.wordpress.com/2020/03/10/auditing-by-the-numbers/
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405
https://oracle-base.com/articles/8i/auditing
The first thing to do is enable full Unified Auditing. This introduces several built-in access controls and tools that will make auditing of the database simpler. To enable Unified Auditing, complete the following steps:
Confirm whether or not UA is already enabled. If the response to the following query is "TRUE", then it is.
SELECT * FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
If UA is not enabled, then follow the steps in Section 4.6.13.2 of the Oracle Database Upgrade Guide to turn it on.
Enable basic audit policies:
-- audit granting and revocation of any privilege:
create audit policy stig_grant_privilege_actions actions grant, revoke;
-- audit all OLS administrative actions:
create audit policy stig_ols_admin_actions actions component = OLS all;
-- audit all user logon and logoff attempts:
create audit policy stig_user_logon_actions actions logon, logoff;
-- audit execution of any PL/SQL program unit:
create audit policy stig_execute_plsql_actions actions execute;
-- audit all user administration actions:
create audit policy stig_user_admin_actions actions create user, alter user, drop user, change password;
-- audit any database parameter changes, dynamic or static:
create audit policy stig_db_param_actions actions alter database, alter system, create spfile;
-- apply policies:
audit policy stig_grant_privilege_actions;
audit policy stig_ols_admin_actions;
audit policy stig_user_logon_actions;
audit policy stig_execute_plsql_actions;
audit policy stig_user_admin_actions;
audit policy stig_db_param_actions;
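Queries for checking the views named in the answer above, as an added example that is not part of the original post. It assumes the policies above were created with unquoted names (so they are stored in upper case), and the 30-day window is a constructed value to adjust.

```sql
-- Added example, not from the original answer.

-- 1. Confirm the policies are actually enabled, and for which outcomes.
select policy_name, success, failure
from   audit_unified_enabled_policies
where  policy_name like 'STIG%'
order  by policy_name;

-- 2. Unified Auditing: who issued DROP USER, from where, and when.
select event_timestamp,
       dbusername,            -- database account that ran the statement
       os_username,           -- operating-system account of the client
       userhost,              -- client host name
       client_program_name,
       sql_text,              -- the statement as issued, naming the dropped user
       return_code,           -- 0 means the statement succeeded
       unified_audit_policies -- policy or policies that produced the record
from   unified_audit_trail
where  action_name = 'DROP USER'
and    event_timestamp >= systimestamp - interval '30' day  -- constructed window
order  by event_timestamp desc;

-- 3. Traditional auditing: the same question against DBA_AUDIT_TRAIL.
select timestamp, username, os_username, userhost, obj_name, returncode
from   dba_audit_trail
where  action_name = 'DROP USER'
order  by timestamp desc;
```

Rows appear only for statements executed after the relevant policy was enabled, so an empty result for an older deletion does not show that no one dropped the account.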

Javers - Disable automatic SQL schema creation, user not granted DDL privileges

I am using javers-persistence-sql version 3.7.9.
I launched the SQL script for table creation manually.
I need to disable the DDL auto-create because the schema that the application uses does not have grants for DDL.
This issue has been waiting for a contributor since May 2017:
https://github.com/javers/javers/issues/542
Consider contributing a PR.

How to check from which sources data comes into a table in Oracle 11g

How can I check from which sources data comes into a table in Oracle 11g?
I have a table. Some sources insert data into it. I need to find all the sources.
Check the grants on the table - which database users have the rights to INSERT or UPDATE or DELETE. Check all software that can connect as those users. Good luck.

Oracle roles & privileges for trigger creation

What Oracle roles/privileges do I need to create a trigger on a table in another schema?
"in another schema?"
CREATE ANY TRIGGER. However, like any ANY privilege, it is VERY dangerous so a DBA is unlikely to give it to you.
The DBA could create that trigger for you or maybe give you the password to that schema to create the trigger there.
GRANT CREATE TRIGGER TO user_class;
