Fine Grained Auditing

Fine Grained Auditing (FGA), introduced with Oracle9i, can be understood as "policy-based auditing". As opposed to the standard auditing functionality, FGA lets you specify the conditions necessary for an audit record to be generated:

FGA policies are programatically bound to the object (table, view) by using the "dbms_fga" package. Similar to the package used for access control with VPD ("dbms_rls"), it allows you to create any desired condition, for example: Audit an event only when the following conditions are true:

• A table is accessed between 9 p.m. and 6 a.m. or on Saturday and Sunday.
• An IP address from outside the corporate network is used.
• A specific column has been selected or updated.
• A specific value for this column has been used.

This creates more meaningful audit trails, since not each and every access to a table is recorded. Starting with Oracle Database 10g, FGA supports all combinations of "select", "insert", "update" and "delete" statements in one policy. The fact that the FGA policy is bound to the table simplifies management of audit policies, since it needs only to be changed once in the database, not in each and every application. Additionally, no matter how a user connects to the database (via an application, a Web interface or through SQL*Plus), her actions are recorded.

Audit trail records created by Fine Grained Auditing can be captured and analyzed in Oracle Audit Vault, automatically alerting the security team about possible malicious activity. Click here for more information about Oracle Audit Vault.