Directory (LDAP) Based New Features

 

Page 72

ENTRYID will be given a unique value in the STATEMENTID column of the DBA_FGA_AUDIT_TRAIL view.

Auditing DML Statements

Fine-grained Auditing was introduced in Oracle9i, and only select statements could be audited. In Oracle Database 10g, you can audit update, insert, and delete statements. This allows for better auditing of database activities, and more user accountability. Also, Fine-grained Auditing allows you to audit activity based on one or more specific columns, though this is not required. You can define which statement types cause the audit trigger to be fired via the statements_type parameter of the dbms_fga.add_policy PL/SQL procedure.

Also, in Oracle9i, Oracle auditing was based on an audit condition being true (though there were ways around this). Oracle Database 10g removes this requirement and allows auditing of all statements, based on specific columns accessed in that statement. Here is an example of setting an audit policy in Oracle Database 10g:

 Begin Dbms_fga.add_policy( Object_schema=>'retiree', Object_name=>'personal_info', Policy_name=>'retiree_policy', Audit_condition=>NULL, Audit_column=>'SSN', Enable=>TRUE, Statement_types=>'update, delete'); END; / 

Note that no audit_condition is configured, so a record for all update and delete operations will be recorded. This statement will configure an audit policy for the RETIREE.PERSONAL_INFO table. It will only fire if the SSN column is used in any update or delete statement.

Directory (LDAP) Based New Features

One of the benefits of the Grid is that it provided centralized user management and privilege management. These remotely authenticated users are called directory users. Directory users are authenticated by a source outside of the database (generally LDAP). When an enterprise user is connected to the database, the user is then authenticated through the Oracle Internet Directory (OID), and not through the database.

Oracle Database 10g offers additional methods of authenticating directory users. This includes password-based authentication, Kerberos-based authentication, and X.509v3 certificate-based authentication. Also, the Oracle Database 10g database can now communicate with the OID via Simple Authentication and Security Layer (SASL) in addition to Secure Sockets Layer (SSL).

 


Oracle Database 10g New Features
Oracle Database 10g New Features (Osborne ORACLE Press Series)
ISBN: 0072229470
EAN: 2147483647
Year: 2006
Pages: 80

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net