Statement auditing along with session audits is another important tracing method for capturing suspicious operations performed by a user. Statement audits apply both for DML and DDL statements.
In this recipe we will implement statement audit and we will create a new table named HR_EMP_DETAILS_AUD
from EMP_DETAILS_VIEW
.
HR
and create table HR_EMP_DETAILS_AUD
as follows:SQL> conn HR Enter password: Connected. SQL> create table hr_emp_details_aud as select * from emp_details_view; Table created.
SMAVRIS
and DRAPHEAL
on the HR_EMP_DETAILS_AUD
table as follows:SQL> grant alter on hr.hr_emp_details_aud to smavris,drapheal; Grant succeeded. Audit succeeded. SQL>
HR
, SMAVRIS
, and DRAPHEAL
, and audit only if the statement returns successfully. As the system
user execute the following statement:SQL> conn HR Enter password: Connected. SQL> audit alter table by HR,SMAVRIS,DRAPHEAL WHENEVER SUCCESS; Audit succeeded.
alter table
statements at instance level whenever successful or unsuccessful, connect and execute as follows:SQL> audit alter table by access;
select table
statements by SMAVRIS
and DRPAHEAL
execute the following:SQL> audit select table by HR,SMAVRIS,DRAPHEAL by access; Audit succeeded. SQL>
SQL> audit all statements by access whenever successful; Audit succeeded. SQL>
DRAPHEAL
and alter the column REGION_NAME
as follows:SQL> Connect DRAPHEAL Enter password: Connected. SQL> alter table hr.hr_emp_details_aud modify region_name varchar2(50); Table altered.
SMAVRIS
and alter the column country_name
and add a column named additional
as follows:SQL> conn SMAVRIS Enter password: Connected. SQL> alter table hr.hr_emp_details_aud modify country_name varchar2(50); Table altered. SQL> SQL> alter table hr.hr_emp_details_aud add additional number; Table altered.
SMAVRIS
issue a count from hr_emp_details_aud
as follows:SQL> select count(*) from hr.hr_emp_details_aud; COUNT(*) ---------- 106 SQL>
additional
from the table hr.hr_emp_details_aud
as follows:SQL> alter table hr.hr_emp_details_aud drop column additional; Table altered. SQL>
3.15.168.214