| |
 |
|
Oracle Tips by Burleson |
Chapter 11 Oracle Fine Grained Auditing
selects the claim. From the audit trails, we saw
that the user issued:
select
claim_amount from claims where claim_id = 1234567;
The status value for the claim 1234567 was
INACTIVE at that time, which is the reason the FGA handler audited
the statement.
Later, the status for this claim was changed to
PENDING. At the time the audit record was seen, the status was
INACTIVE, not PENDING. So when the auditor issues the same query to
see what the user saw:
select status from claims where claim_id =
1234567;
He or she will see PENDING, not INACTIVE.
Although the user saw the claim when it was inactive, the auditor
will never ascertain that. This may lead to accountability problems
later. Almost always, the audit trails are examined as an
after-effect, and the data could have changed since the time the
trails were generated. We need to devise a mechanism to let the
auditor know what the user saw at that time, not what the value is
now.
Fortunately,
a feature known as Flashback Queries allows this to be accomplished
quite easily. Introduced in Oracle 9i, this tool lets the data be
rewound, i.e. the data is shown as a snapshot in some point in the
past. Discussing the details of the Flashback Queries is beyond the
scope of this book. In this section we will
The above text is
an excerpt from
the bestselling book:
Oracle
Privacy Security Auditing.
It's only $39.95 and has an
download of working security scripts:
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only $39.95 and has an
download of working security scripts:
http://rampant-books.com/book_2003_2_audit.htm
|
Download your Oracle scripts now:
www.oracle-script.com
The
definitive Oracle Script collection for every Oracle professional DBA
|
|
