Oracle 视图 DBA_XS_AUDIT_TRAIL 官方解释,作用,如何使用详细说明
本站中文解释
Oracle 视图DBA_XS_AUDIT_TRAIL用于查询权限审计日志。它由数据库管理者的查询使用,以审查具有特权的用户的权限使用情况,确定数据库访问控制和安全策略是否被正确实施。
利用该视图,DBA可以跟踪所有特权用户(拥有SYSDBA、SYSOPER或 sys_context[‘userenv’,’authenticated_role’]角色的用户)在数据库上执行的操作。它还跟踪特权未经认证的许可动作。
使用该视图的方法:
1. 选择检查的范围,对特定的组、用户或许可进行记录
2. 运行SQL查询,查看指定的组/用户/许可的行为
例:
SELECT username, action, returncode, description
FROM dba_xs_audit_trail
WHERE username = ‘TEST_USER’
AND action = ‘grant’
AND returncode = 0;
这个查询查找“TEST_USER”执行“授予”操作但returncode为0的行为细节。
官方英文解释
DBA_XS_AUDIT_TRAIL describes all audit records specific to Oracle Database Real Application Security.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
Name of the database user whose actions were audited |
|
|
|
|
Numeric audit trail action type code. The corresponding name of the action type is in the |
|
|
|
|
Name of the action type corresponding to the numeric code in the |
|
|
|
|
Owner of the object affected by the action |
|
|
|
|
Name of the object affected by the action |
|
|
|
|
Oracle error code generated by the action |
|
|
|
|
Name of the Real Application Security user |
|
|
|
|
Identifer of the Real Application Security session |
|
|
|
|
Inactivity timeout of the Real Application Security session |
|
|
|
|
Type of the Real Application Security entity. Possible values are |
|
|
|
|
Target principal name in Real Application Security operations. Possible operations are set verifier, set password, add proxy, remove proxy, switch user, assign user, create session, grant roles. |
|
|
|
|
Name of the Real Application Security proxy user. |
|
|
|
|
Name of the Real Application Security data security policy enabled or disabled |
|
|
|
|
Name of the schema in enable, disable data security policy and global callback operation |
|
|
|
|
Real Application Security global callback event type |
|
|
|
|
Real Application Security callback package name for the global callback |
|
|
|
|
Real Application Security callback procedure name for the global callback |
|
|
|
|
The role that is enabled |
|
|
|
|
Real Application Security session cookie |
|
|
|
|
Name of the Real Application Security session namespace |
|
|
|
|
Name of the Real Application Security session namespace attribute |
|
|
|
|
The old value of the Real Application Security session namespace attribute |
|
|
|
|
The new value of the Real Application Security session namespace attribute |
|
|
|
|
Timestamp of audit record |
See Also:
Oracle Database Security
Guide for more information about auditing
