Oracle DML auditing tips Oracle security Tips by Donald Burleson

Question:  Can I use the Oracle audit command to audit DML updates to set of my Oracle database tables?  What alternative are there for the Oracle audit DML table command?  Which audit tool is best?  I only want auditing for a selected sub-set of tables.

Answer:  First, see my notes on the different types of Oracle DML auditing especially Oracle fine-grained auditing (FGA) and Oracle LogMiner.  For complete details on Oracle DML auditing, see my my book "Oracle Privacy Security Auditing".

There are three ways to audit DML, and you can extract DML auditing for selected tables.  Just be aware, that LogMiner has the least overhead, but it does not audit DML in real-time because you are reading the archived redo logs.

1 - Use the audit command to audit DML on selected tables:

      audit
          update table,
          delete table,
          insert table
      by
          MYTABLE
      by
          access;

2 - For auditing specified tables you can also audit DML at the table-level with DML triggers.

This is just a tiny sample of the Oracle audit functionality and see the book "Oracle Privacy Security Auditing", for details and working scripts for Oracle DML auditing.

Oracle Training from Don Burleson  The best on site "Oracle training classes" are just a phone call away! You can get personalized Oracle training by Donald Burleson, right at your shop!