Oracle dbms_fga

Starting with Oracle9i you'll see a more sophisticated auditing mechanism using the dbms_fga package. The dbms_fga package allows you to specify the auditing rules for a particular column of a table and report on anyone whose queries match the criteria.

Let's look at a simple example of dbms_fga:

connect pubs/pubs

exec dbms_fga.drop_policy( -
object_schema => 'PUBS', -
object_name => 'BOOK', -
policy_name => 'EXPENSIVE_BOOKS' -
);

begin
dbms_fga.add_policy(
object_schema => 'PUBS',
object_name => 'BOOK',
policy_name => 'EXPENSIVE_BOOKS',
audit_condition => 'BOOK_RETAIL_PRICE>=50',
audit_column => 'BOOK_TITLE',
handler_schema => null,
handler_module => null,
enable => true
);
end;
/
 

Description of the DBMS_FGA package:

PROCEDURE DBMS_FGA.ADD_POLICY
 Argument Name                  Type                    In/Out Default?
 ------------------------------ ----------------------- ------ --------
 OBJECT_SCHEMA                  VARCHAR2                IN     DEFAULT
 OBJECT_NAME                    VARCHAR2                IN
 POLICY_NAME                    VARCHAR2                IN
 AUDIT_CONDITION                VARCHAR2                IN     DEFAULT
 AUDIT_COLUMN                   VARCHAR2                IN     DEFAULT
 HANDLER_SCHEMA                 VARCHAR2                IN     DEFAULT
 HANDLER_MODULE                 VARCHAR2                IN     DEFAULT
 ENABLE                         BOOLEAN                 IN     DEFAULT
 STATEMENT_TYPES                VARCHAR2                IN     DEFAULT
 AUDIT_TRAIL                    BINARY_INTEGER          IN     DEFAULT
 AUDIT_COLUMN_OPTS              BINARY_INTEGER          IN     DEFAULT

PROCEDURE DBMS_FGA.DISABLE_POLICY
 Argument Name                  Type                    In/Out Default?
 ------------------------------ ----------------------- ------ --------
 OBJECT_SCHEMA                  VARCHAR2                IN     DEFAULT
 OBJECT_NAME                    VARCHAR2                IN
 POLICY_NAME                    VARCHAR2                IN

PROCEDURE DBMS_FGA.DROP_POLICY
 Argument Name                  Type                    In/Out Default?
 ------------------------------ ----------------------- ------ --------
 OBJECT_SCHEMA                  VARCHAR2                IN     DEFAULT
 OBJECT_NAME                    VARCHAR2                IN
 POLICY_NAME                    VARCHAR2                IN

PROCEDURE DBMS_FGA.ENABLE_POLICY
 Argument Name                  Type                    In/Out Default?
 ------------------------------ ----------------------- ------ --------
 OBJECT_SCHEMA                  VARCHAR2                IN     DEFAULT
 OBJECT_NAME                    VARCHAR2                IN
 POLICY_NAME                    VARCHAR2                IN
 ENABLE                         BOOLEAN                 IN     DEFAULT

   

For more information on the DBMS_FGA package, see the links below:

Oracle Security the dbms_fga Package

Oracle Privacy Security Fine Grained Auditing dbms_fga.add_policy

Oracle Privacy Security Fine Grained Auditing dbms_fga.drop_policy

Oracle 10g Apply a Fine-Grained Auditing Policy

DBMS_FGA package tips

Advanced Oracle Utilities: The Definitive Reference by Rampant TechPress is written by top Oracle database experts (Bert Scalzo,  Donald Burleson, and Steve Callan).  Buy direct from the publisher and save 30%!