In Oracle-compatible mode, tenants can configure statement-level and object-level audit rules using the AUDIT/NOAUDIT statements. Audit log encryption is not configured via DDL; it must be implemented in conjunction with the audit_log_encryption parameter and the audit functions described below. The semantics of these functions are consistent with those in MySQL-compatible mode. When calling them in Oracle-compatible mode, it is recommended to use FROM DUAL.
Applicability
This content applies only to OceanBase Database Enterprise Edition. OceanBase Database Community Edition does not support the audit feature.
Audit functions
The following table lists the audit functions supported by the current version of OceanBase Database in Oracle-compatible mode.
Function name |
Description |
|---|---|
| AUDIT_LOG_ENCRYPTION_PASSWORD_SET | Triggers the archiving of currently writing audit logs and generates a new encryption key. This function is supported starting from V4.4.2 BP2. |
| AUDIT_LOG_ENCRYPTION_PASSWORD_GET | Used to determine the version based on the version number in the archive file name.pwd_idReturns the encryption password (or key material) for the corresponding archived log file. This function is supported starting from V4.4.2 BP2. |
Limitations and considerations
The function must be directly and uniquely used as an output column (i.e., select item) in a
SELECTstatement, with no restrictions on parent expressions.Functions cannot be used in subqueries.
You must have the
SUPERprivilege to use this group of functions.
