柚子快報激活碼778899分享：Oracle數(shù)據(jù)庫 dba

http://yzkb.51969.com/

dba_audit_trail

Oracle 中的DBA_AUDIT_TRAIL 視圖能夠顯示數(shù)據(jù)庫審計數(shù)據(jù)，包括用戶會話中執(zhí)行的SQL和操作，如SELECT、INSERT等以及每一次登錄數(shù)據(jù)庫所執(zhí)行的操作。

DBA_AUDIT_TRAIL 視圖可以用來診斷數(shù)據(jù)庫性能，檢測用戶的安全行為，幫助符合合規(guī)要求。

使用此視圖的步驟如下：

登錄到Oracle 數(shù)據(jù)庫中，有相關(guān)權(quán)限的用戶；搜索DBA_AUDIT_TRAIL視圖；編寫SQL語句，獲取要查看的數(shù)據(jù)；運(yùn)行SQL語句，查看所需的數(shù)據(jù)添加/修改/刪除視圖中的數(shù)據(jù)將數(shù)據(jù)另存為報表，以便進(jìn)一步分析數(shù)據(jù)

官方英文解釋

DBA_AUDIT_TRAIL displays all standard audit trail entries.

Note:

This view is relevant when using traditional auditing. Traditional auditing is deprecated in Oracle Database 21c. Oracle recommends that you instead use unified auditing, which enables selective and more effective auditing inside Oracle Database.

See Oracle Database Security Guide for more information about unified auditing.See Oracle Database Upgrade Guide for more information about migrating to unified auditing.

This view is populated only in an Oracle Database where unified auditing is not enabled. When unified auditing is enabled in Oracle Database, the audit records are populated in the new audit trail and can be viewed from UNIFIED_AUDIT_TRAIL.

USER_AUDIT_TRAIL displays the standard audit trail entries related to the current user.

ColumnDatatypeNULLDescriptionOS_USERNAMEVARCHAR2(255)Operating system login username of the user whose actions were auditedUSERNAMEVARCHAR2(128)Name (not ID number) of the user whose actions were auditedUSERHOSTVARCHAR2(128)Client host machine nameTERMINALVARCHAR2(255)Identifier of the user’s terminalTIMESTAMPDATEDate and time of the creation of the audit trail entry (date and time of user login for entries created by AUDIT SESSION) in the local database session time zoneOWNERVARCHAR2(128)Creator of the object affected by the actionOBJ_NAMEVARCHAR2(128)Name of the object affected by the actionACTIONNUMBERNOT NULLNumeric action type code. The corresponding name of the action type is in the ACTION_NAME column.ACTION_NAMEVARCHAR2(28)Name of the action type corresponding to the numeric code in the ACTION columnNEW_OWNERVARCHAR2(128)Owner of the object named in the NEW_NAME columnNEW_NAMEVARCHAR2(128)New name of the object after a RENAME or the name of the underlying objectOBJ_PRIVILEGEVARCHAR2(32)Object privileges granted or revoked by a GRANT or REVOKE statement. The value of this column is a 32-character string of Y and dash (-) characters. Each character corresponds to a numbered privilege in the following list. The left-most character corresponds to privilege 0, the next character corresponds to privilege 1, and so on. The right-most character corresponds to privilege 31.0 – ALTER1 – AUDIT2 – COMMENT3 – DELETE4 – GRANT5 – INDEX6 – INSERT7 – LOCK8 – CREATE9 – SELECT10 – UPDATE11 – REFERENCES12 – EXECUTE13 – VIEW14 – DROP15 – ANALYZE16 – CREATE17 – READ18 – WRITE19 – KEEP SEQUENCE20 – ENQUEUE21 – DEQUEUE22 – UNDER23 – ON COMMIT24 – REWRITE25 – UPSERT26 – DEBUG27 – FLASHBACK28 – MERGE29 – USE30 – FLASHBACK ARCHIVE31 – DIRECTORY EXECUTEA Y indicates that the privilege was granted or revoked by the statement. A dash indicates that the privilege was not affected by the statement. For example, the following value indicates that the MERGE privilege was granted or revoked by the statement:----------------------------Y---SYS_PRIVILEGEVARCHAR2(40)System privileges granted or revoked by a GRANT or REVOKE statementADMIN_OPTIONVARCHAR2(1)Indicates whether the role or system privilege was granted with the ADMIN optionGRANTEEVARCHAR2(128)Name of the grantee specified in a GRANT or REVOKE statementAUDIT_OPTIONVARCHAR2(40)Auditing option set with the AUDIT statementSES_ACTIONSVARCHAR2(19)Session summary (a string of 16 characters, one for each action type in the order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX, INSERT, LOCK, RENAME, SELECT, UPDATE, REFERENCES, and EXECUTE). Positions 14, 15, and 16 are reserved for future use. The characters are:- – NoneS – SuccessF – FailureB – BothLOGOFF_TIMEDATEDate and time of user log offLOGOFF_LREADNUMBERLogical reads for the sessionLOGOFF_PREADNUMBERPhysical reads for the sessionLOGOFF_LWRITENUMBERLogical writes for the sessionLOGOFF_DLOCKVARCHAR2(40)Deadlocks detected during the sessionCOMMENT_TEXTVARCHAR2(4000)Text comment on the audit trail entry, providing more information about the statement auditedAlso indicates how the user or remote call was authenticated. The method can be one of the following:DATABASE – Authentication was done by passwordNETWORK – Authentication was done by Oracle Net Services or strong authenticationPROXY – Client was authenticated by another user; the name of the proxy user follows the method typeWhen an object is accessed remotely over a database link, the COMMENT_TEXT column also captures the information about the database link. For example:DBLINK_INFO: (SOURCE_GLOBAL_NAME=view02.regress.rdbms.dev.us.example.com, DBLINK_NAME=VIEW05_LINK.REGRESS.RDBMS.DEV.US.EXAMPLE.COM, SOURCE_AUDIT_SESSIONID=250805)SESSIONIDNUMBERNOT NULLNumeric ID for each Oracle session. Each user session gets a unique session ID.ENTRYIDNUMBERNOT NULLNumeric ID for each audit trail entry in the session. The entry ID is an index of a session’s audit entries that starts at 1 and increases to the number of entries that are written.STATEMENTIDNUMBERNOT NULLnth statement in the user session. The first SQL statement gets a value of 1 and the value is incremented for each subsequent SQL statement. Note that one SQL statement can create more than one audit trail entry (for example, when more than one object is audited from the same SQL statement), and in this case the statement ID remains the same for that statement and the entry ID increases for each audit trail entry created by the statement.RETURNCODENUMBERNOT NULLOracle error code generated by the action. Some useful values:0 – Action succeeded2004 – Security violationPRIV_USEDVARCHAR2(40)System privilege used to execute the actionCLIENT_IDVARCHAR2(128)Client identifier in each Oracle sessionECONTEXT_IDVARCHAR2(64)Application execution context identifierSESSION_CPUNUMBERAmount of CPU time used by each Oracle session (in centiseconds)EXTENDED_TIMESTAMPTIMESTAMP(6) WITH TIME ZONETimestamp of the creation of the audit trail entry (timestamp of user login for entries created by AUDIT SESSION) in UTC (Coordinated Universal Time) time zonePROXY_SESSIONIDNUMBERProxy session serial number, if an enterprise user has logged in through the proxy mechanismGLOBAL_UIDVARCHAR2(32)Global user identifier for the user, if the user has logged in as an enterprise userINSTANCE_NUMBERNUMBERInstance number as specified by the INSTANCE_NUMBER initialization parameterOS_PROCESSVARCHAR2(16)Operating System process identifier of the Oracle processTRANSACTIONIDRAW(8)Transaction identifier of the transaction in which the object is accessed or modifiedSCNNUMBERSystem change number (SCN) of the creation of the audit trail entrySQL_BINDNVARCHAR2(2000)Bind variable data of the querySQL_TEXTNVARCHAR2(2000)SQL text of the queryOBJ_EDITION_NAMEVARCHAR2(128)Name of the edition containing the audited objectDBIDNUMBERDatabase identifier of the audited databaseRLS_INFOCLOBStores virtual private database (VPD) policy names and predicates separated by delimiter.To format the output into individual rows, use the DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_STD function.CURRENT_USERVARCHAR2(128)Effective user for the statement execution

Note:

The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to db, extended.

See Also:

“AUDIT_TRAIL”“USER_AUDIT_TRAIL”O(jiān)racle Database PL/SQL Packages and Types Reference for more information about the DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_XML function.

柚子快報激活碼778899分享：Oracle數(shù)據(jù)庫 dba

http://yzkb.51969.com/

相關(guān)鏈接