After you enable security audit, you must set specific rules for auditing user operations.
Set audit rules
Log in to an Oracle tenant as the built-in ORAAUDITOR user to set audit rules, which are divided into the following two types:
- Statement audit: the audit of specific operations. You do not specify the objects, but you can specify whether the audit rules apply to specific or all users.
- Object audit: the audit of the operations that are performed on specified objects. You can specify whether the audit rules apply to specific or all users.
An audit rule is also a schema object. To configure each rule, AUDIT and NOAUDIT statements are executed.
For more information about the audit rules, see AUDIT.
For example, audit the INSERT, UPDATE, and DELETE operations on the tbl1 table of the user1 user.
obclient> AUDIT INSERT,UPDATE,DELETE ON user1.tbl1;
View audit rules
After you set the audit rules, you can view them by using a series of data dictionary views that are compatible with Oracle.
| Dictionary view | Description |
|---|---|
| ALL_DEF_AUDIT_OPTS | Records default audit rules of new objects. Valid values of each column are:
|
| DBA_STMT_AUDIT_OPTS | Records audit configuration details at the statement level. |
| DBA_OBJ_AUDIT_OPTS | Records audit configuration details at the object level. |
Execute the following statement to view the audit rules in the ALL_DEF_AUDIT_OPTS view. Here is an example:
obclient> SELECT * FROM SYS.ALL_DEF_AUDIT_OPTS;
References
For more information about audit operations, see the following topics: