Data encryption and access control can significantly reduce security risks. However, OceanBase Database still needs to record the operations of authorized users to prevent the leakage of user logon information or the abuse of access permissions. Security audit is a feature for tracking user behavior, which can meet enterprises' strict data security and compliance requirements.
Limitations
Currently, only the Oracle mode of OceanBase Database supports the security audit feature.
Concepts
Audit is performed on a per tenant basis, which means that an audit initiated by a tenant is only applicable to the operations of users under the tenant and is invalid for other tenants.
Audit can only be performed by
ORAAUDITOR, which meets the requirements of the separation of powers.The audit content and syntax are basically consistent with those of Oracle standard audit. Unified audit is not supported.
Audit results can be saved to local disk files or internal tables.
Audit types for SQL statements and data objects are supported.
Audit data cannot be deleted.
Audit process
The timing of audit is after the execution of a user's SQL statement but before the transmission of a response packet. The audit process is as follows:
Check whether security audit is enabled for the current user, based on a comprehensive evaluation of the tenant, username, and configuration settings.
Parse the SQL statement to identify auditable operations. A single SQL statement can contain multiple operations. For example,
insert into t1 select * from t2, t3contains three operations:(insert, t1),(select, t2), and(select t3).Check whether each operation triggers any audit rules.
Generate a separate audit record for each operation that triggers an audit rule, and save the audit records to internal tables or disk files depending on the configuration settings.
References
For more information about audit operations, see the following topics: