Purpose
This view displays all audit tracking entries.
Applicability
This view is available only in Oracle mode of OceanBase Database.
Columns
| Column | Type | Nullable | Description |
|---|---|---|---|
| OS_USERNAME | VARCHAR2(255) | NO | This column is not supported. The value of this column is NULL by default. |
| USERNAME | VARCHAR2(64) | NO | The name of the user whose actions are audited. |
| USERHOST | VARCHAR2(32) | NO | The IP address of the host where the user whose actions are audited is located. |
| TERMINAL | VARCHAR2(255) | NO | This column is not supported. The value of this column is NULL by default. |
| TIMESTAMP | DATE | NO | The date and time when the audit record was created in the local database session time zone. |
| OWNER | VARCHAR2(64) | YES | The creator of the object affected by the action. |
| OBJ_NAME | VARCHAR2(256) | YES | The name of the object affected by the action. |
| ACTION | NUMBER(38) | NO | The numeric code of the action type. The corresponding name of the action type is in the ACTION_NAME column. |
| ACTION_NAME | VARCHAR2(128) | NO | The name of the action type corresponding to the numeric code in the ACTION column. |
| NEW_OWNER | VARCHAR2(64) | YES | The owner of the object named in the NEW_NAME column. |
| NEW_NAME | VARCHAR2(256) | YES | The new name of the object after the RENAME action or the name of the base object. |
| OBJ_PRIVILEGE | VARCHAR2(255) | NO | The object privileges granted or revoked by the GRANT or REVOKE statement. |
| SYS_PRIVILEGE | VARCHAR2(255) | NO | The system privileges granted or revoked by the GRANT or REVOKE statement. |
| ADMIN_OPTION | VARCHAR2(1) | NO | Indicates whether the role or system privilege was granted with the ADMIN option. |
| GRANTEE | VARCHAR2(128) | NO | The grantor specified in the GRANT or REVOKE statement. |
| AUDIT_OPTION | VARCHAR2(40) | NO | The audit option set with the audit statement. |
| SES_ACTIONS | VARCHAR2(19) | NO | This column is not supported. The value of this column is NULL by default. |
| LOGOFF_TIME | DATE | NO | The date and time when the user logged off. |
| LOGOFF_LREAD | NUMBER(38) | NO | The number of logical reads in the session. |
| LOGOFF_PREAD | NUMBER | NO | This column is not supported. The value of this column is 0 by default. |
| LOGOFF_LWRITE | NUMBER | NO | This column is not supported. The value of this column is NULL by default. |
| LOGOFF_DLOCK | VARCHAR2(40) | NO | This column is not supported. The value of this column is NULL by default. |
| COMMENT_TEXT | VARCHAR2(65536) | YES | The text comment on the audit record. |
| SESSIONID | NUMBER(38) | NO | The numeric ID of the session. For V4.2.x:
|
| ENTRYID | NUMBER(38) | NO | The numeric ID of each audit tracking entry in the session. |
| STATEMENTID | NUMBER(38) | NO | The numeric ID of each statement. |
| RETURNCODE | NUMBER(38) | NO | The error code generated by the operation. |
| PRIV_USED | VARCHAR2(40) | NO | This field is not supported. It is set to NULL by default. |
| CLIENT_ID | VARCHAR2(40) | NO | This field is not supported. It is set to NULL by default. |
| ECONTEXT_ID | VARCHAR2(40) | NO | This field is not supported. It is set to NULL by default. |
| SESSION_CPU | NUMBER(38) | NO | The CPU time used by the session. |
| EXTENDED_TIMESTAMP | TIMESTAMP(6) WITH TIME ZONE | NO | The timestamp when the audit tracking entry was created in the UTC time zone. |
| PROXY_SESSIONID | NUMBER(38) | NO | The sequence number of the proxy session. |
| GLOBAL_UID | NUMBER(38) | NO | The global user ID of the user. |
| INSTANCE_NUMBER | VARCHAR2(40) | NO | This field is not supported. It is set to NULL by default. |
| OS_PROCESS | VARCHAR2(40) | NO | This field is not supported. It is set to NULL by default. |
| TRANSACTIONID | VARCHAR2(128) | NO | The transaction identifier of the transaction in which the object was accessed or modified. |
| SCN | NUMBER(38) | NO | The SCN at which the audited operation occurred. |
| SQL_BIND | VARCHAR2(2000) | YES | This field is not supported. It is set to NULL by default. |
| SQL_TEXT | VARCHAR2(2000) | YES | The SQL text of the query. |
| OBJ_EDITION_NAME | VARCHAR2(128) | NO | This field is not supported. It is set to NULL by default. |
| DBID | NUMBER(38) | NO | The database identifier of the audited database. |
Sample query
Query all audit trail entries in the current tenant.
obclient [SYS]> SELECT USERNAME, USERHOST, TIMESTAMP, ACTION, SQL_TEXT FROM SYS.DBA_AUDIT_TRAIL;
The query result is as follows:
+------------+----------------+-----------+------------+
| USERNAME | USERHOST | TIMESTAMP | SQL_TEXT |
+------------+----------------+-----------+------------+
| ORAAUDITOR | 100.xx.xxx.xxx | 08-APR-25 | DISCONNECT |
| SYS | 100.xx.xxx.xxx | 08-APR-25 | CONNECT |
| ORAAUDITOR | 100.xx.xxx.xxx | 08-APR-25 | CONNECT |
| ORAAUDITOR | 100.xx.xxx.xxx | 08-APR-25 | DISCONNECT |
| SYS | 100.xx.xxx.xxx | 08-APR-25 | CONNECT |
| ORAAUDITOR | 100.xx.xxx.xxx | 08-APR-25 | CONNECT |
| ORAAUDITOR | 100.xx.xxx.xxx | 08-APR-25 | DISCONNECT |
| SYS | 100.xx.xxx.xxx | 08-APR-25 | CONNECT |
+------------+----------------+-----------+------------+
8 rows in set
References
- Query all audit trail entries for the current user: USER_AUDIT_TRAIL
Query audit trail entries generated by
AUDIT EXISTSandAUDIT NOT EXISTS: DBA_AUDIT_EXISTSQuery audit trail entries for all objects:
Query audit trail entries for
CONNECTandDISCONNECT:Query audit trail entries for
GRANT,REVOKE,AUDIT,NOAUDIT, andALTER SYSTEMstatements:For more information about security audit, see the following topics: