6.4. FGA in Oracle Database 10gThis section describes the specific features and enhancements introduced for FGA in Oracle Database 10g. 6.4.1. Additional DML StatementsIn Oracle9i Database, FGA supports the auditing of SELECT statements only; the DML statements such as INSERT, UPDATE, and DELETE cannot be audited. In Oracle Database 10g, DML statements can also be audited. A new statement_types parameter in the ADD_POLICY procedure of the DBMS_FGA package allows you to specify the statements you want audited. To continue with our previous example, suppose that we now want to capture all types of statementsSELECT, INSERT, UPDATE, and DELETEagainst the table EMP, but only when the audit conditions are satisfied as we described earlier. This can be accomplished by issuing the following: BEGIN DBMS_FGA.add_policy (object_schema => 'HR', object_name => 'EMP', policy_name => 'EMP_DML', audit_column => 'SALARY, COMM', audit_condition => 'SALARY >= 150000', statement_types => 'SELECT, INSERT, DELETE, UPDATE' ); END; / The records go to the same audit trail table, FGA_LOG$, and will be visible through the same data dictionary view, DBA_FGA_AUDIT_TRAIL. To accommodate the three additional types of access (INSERT, UPDATE, and DELETE), a new column called STATEMENT_TYPE is available in the view. If this parameter is omitted, then only SELECT statements are recorded. DELETE statements are always audited, regardless of the audit_column parameter. This is because a DELETE removes the entire row and implicitly references or affects all of the columns in the table.
6.4.2. Additional Data Dictionary Views and ColumnsIn Oracle Database 10g, a number of additional items are captured in the FGA audit trail and are available in the DBA_FGA_AUDIT_TRAIL view. An additional view, FLASHBACK_TRANSACTION_QUERY, is also new in Oracle Database 10g. 6.4.2.1. The DBA_FGA_AUDIT_TRAIL viewNew Oracle Database 10g columns in DBA_FGA_AUDIT_TRAIL include:
6.4.2.2. The FLASHBACK_TRANSACTION_QUERY viewAnother new Oracle Database 10g view, FLASHBACK_TRANSACTION_QUERY, shows the transactions that have occurred in the database. It contains these columns:
Although the information in this view is mainly used for flashback query operation (another new feature in Oracle Database 10g), it is helpful in FGA, as well. The column XID in this view indicates the unique transaction identifier, which is also captured in the TRANSACTIONID column of the DBA_FGA_AUDIT_TRAIL view. Using this column, you can correlate the two views and thus find out everything about the transaction that caused the audit trail to be created. 6.4.3. Combination of ColumnsIn the previous example, I specified a list of columns as follows: audit_column => 'SALARY, COMM' This indicates that if a user accesses either the SALARY or the COMM column, the action is logged. In some cases, however, you may have a more specific requirement that asks for logging only if all of the columns named in the list are referenced, not just any one of them. For instance, in the EMP database, you may want FGA to write a trail only if someone accesses SALARY and EMPNAME together. That may be because if only one column is accessed, the action is not likely to uncover sensitive information (typically, the user needs a name to match to a salary). Suppose that the user issues this query: SELECT salary FROM hr.emp; This displays the salaries of all of the employees, but without names next to salaries, the information is probably not very helpful. Similarly, suppose that the user issues: SELECT empname FROM hr.emp; This returns employee names, but without the salary column, the salary information is protected. However, if the user issues: SELECT empname, salary FROM hr.emp; this query will enable the user to see the salaries of all of the employees, the very information that is supposed to be protected. In this last case (but not in the first two), the audit trail provides meaningful information and should therefore be generated. In Oracle9i Database, there was no way to specify a combination of columns as an audit condition. In Oracle Database 10g, this can be done through the audit_column_opts parameter in the ADD_POLICY procedure. By default, the value of that parameter is DBMS_FGA.ANY_COLUMNS, which triggers an audit trail if any of the columns is referenced. However, if you override that default by specifying DBMS_FGA.ALL_COLUMNS as the value, the audit trail is generated only if all of the columns are referenced. In our example, if I want an FGA policy that creates an audit record only if the user selects both the SALARY and the EMPNAME columns, I can create the policy as follows: BEGIN DBMS_FGA.add_policy (object_schema => 'HR', object_name => 'EMP', policy_name => 'EMP_DML', audit_column => 'SALARY, COMM', audit_condition => 'SALARY >= 150000 OR EMPID = 100', statement_types => 'SELECT, INSERT, DELETE, UPDATE', audit_column_opts => DBMS_FGA.all_columns ); END; / This feature is extremely useful in focusing audit activity very tightly on the key conditions for an application (and reducing audit trail volume). To accommodate this new feature, the DBA_AUDIT_POLICIES view in Oracle Database 10g has a number of additional columns, listed below:
|