Oracle 19c — Audit Only Top-Level SQL Statements

By -

 If the volume of logs generated by the unified auditing feature is relatively high, referring to and maintaining the audit trail may lead to performance issues and storage shortages. Therefore, auditing should be configured in a way that avoids storing unnecessary information in the related table.

The new Oracle 19c feature called Auditing Only Top-Level SQL Statements can be effective in this regard.

With this feature, you can enable auditing only for statements that are executed directly by the user (so-called Top-Level statements) and ignore auditing statements that are executed as part of a procedure call.

To use this feature, you simply need to add the clause ONLY TOPLEVEL to the CREATE AUDIT POLICY statement. Additionally, by checking the column AUDIT_ONLY_TOPLEVEL in the view AUDIT_UNIFIED_POLICIES, you can see which audit policies are using this feature. See the example below:

Example: Consider the following procedure:

create or replace procedure myproc1  as

begin

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

insert into  mytbl select * from v$datafile;

commit;

end;

Suppose we want to audit some of the actions performed by user usef. For this purpose, we create an audit policy with the following command:

SQL> create audit policy actions_all_pol actions all;
Audit policy created.

Then we enable the created audit policy for user usef:

SQL> audit policy actions_all_pol by usef;
Audit succeeded.

User usef executes the procedure myproc1:

SQL> exec myproc1;
PL/SQL procedure successfully completed

By checking the unified_audit_trail view, we will see that 11 records were added to the audit trail for this procedure execution:

SQL>select count(*) from unified_audit_trail f where f.unified_audit_policies=’ACTIONS_ALL_POL’;

11

We can display the recorded information with the following command:

SQL> select f.sessionid,f.action_name,f.object_schema,f.object_name from unified_audit_trail f where f.unified_audit_policies=’ACTIONS_ALL_POL’;

As shown, the text of the INSERT statements inside the myproc1 procedure were recorded in the audit trail.

Now, we want to use the Auditing Only Top-Level SQL Statements feature to prevent logging extra information. So, we repeat the process again:

— Delete existing records from the aud$unified table and disable the created audit policy:

SQL> begin
       dbms_audit_mgmt.clean_audit_trail(
         audit_trail_type => dbms_audit_mgmt.audit_trail_unified,
         use_last_arch_timestamp => false
       );
     end;
/

SQL> noaudit policy actions_all_pol by usef;
Noaudit succeeded.

— Create a new audit policy with the ONLY TOPLEVEL clause:

SQL> create audit policy TOPLEVEL_on actions all ONLY TOPLEVEL;
Audit policy created.

— Enable the created audit policy for user usef:

SQL> audit policy TOPLEVEL_on by usef;
Audit succeeded.

— Execute the procedure by user usef:

SQL> exec myproc1;
PL/SQL procedure successfully completed

— With this procedure execution, only 1 record will be added to the audit trail:

SQL> select f.sessionid, f.action_name, f.sql_text 
     from unified_audit_trail f 
     where f.unified_audit_policies = 'TOPLEVEL_ON';

As you can see, with the help of the Auditing Only Top-Level SQL Statements feature, only the statement that was executed directly by the user is recorded in the audit trail.

Vahid Yousefzadeh

Written by Vahid Yousefzadeh

I have been a DBA since 2011 and I work with Oracle technology. Linkdin: linkedin.com/in/vahidusefzadeh telegram channel ID:@oracledb vahidusefzadeh@gmail.com


Comments

Post a Comment

Popular posts from this blog

Oracle 23ai — Speed up IMPDP Using NOVALIDATE Constraints

By -
  When executing the   IMPDP   command, some operations do not support parallel execution. Creating constraints is one such operation. Oracle must validate the current data in the table before creating a constraint, which requires a full table scan for each validation. This process can be very time-consuming. Consider the following constraints: ALTER TABLE VAHID.MYTB ADD CONSTRAINT CHECK1 CHECK (col3 > 50 ); ALTER TABLE VAHID.MYTB ADD CONSTRAINT CHECK2 CHECK (col9 IN ( 5 , 15 )); We drop the  MYTB  table and recreate it using a dump file: SQL > drop table mytb; Table dropped. W -1 Processing object type TABLE_EXPORT / TABLE / TABLE_DATA W -1 . . imported "VAHID"."MYTB" 19 GB 337830912 rows in 83 seconds using external_table W -1 Processing object type TABLE_EXPORT / TABLE / CONSTRAINT / CONSTRAINT W -1 Completed 2 CONSTRAINT objects in 208 seconds As shown, creating the two constraints ta...
Read more

Staging Tables in Oracle 23ai

By -
  As you may know, using   staging tables   is a common practice in   Data Warehouse   environments, primarily during the data loading process into the   Warehouse Database . Typically, raw data received from   source databases   is first loaded into a temporary area, referred to as   staging tables . After cleansing inconsistent and invalid data and transforming it into a standard format, the cleaned data is stored in the final operational tables. In addition to initial data loading,   staging tables   are also used for updates and are often truncated before reuse. In   Oracle 23ai , a new minor feature has been introduced for this purpose, allowing users to create tables specifically designed as   staging tables . This is achieved by adding the   FOR STAGING   clause to the   CREATE TABLE   statement. Creating Staging Tables Using the   FOR STAGING   clause, staging tables can be created as ...
Read more

Boolean Data Type in Oracle ِDatabase 23ai

By -
Image
  Oracle introduced the Boolean data type in SQL with version 23ai (although this data type has existed in PL/SQL previously). With this feature, you can define table columns as Boolean during table creation. SQL > CREATE TABLE jadval1 (id NUMBER, is_accept BOOLEAN ); Table created You can also use the keyword  BOOL  instead of  BOOLEAN : SQL > CREATE TABLE jadval1 (id NUMBER, is_accept BOOL); Table created You can set default values for Boolean columns: SQL > CREATE TABLE table1 (id NUMBER, is_accept BOOL DEFAULT FALSE ); Table created To populate the  is_accept  column, you can use the three keywords:  TRUE ,  FALSE , and  NULL : SQL > insert into table1 values ( 1 , true ); 1 row inserted SQL > insert into table1 values ( 2 , null ); 1 row inserted SQL > insert into table1 values ( 3 , false ); 1 row inserted SQL > select * from table1; ID IS_ACCEPT ---------- ---------- ...
Read more