This tutorial covers how to audit operations of all RDBMS and
other components like RMAN, Oracle Data Pump using the new 12c
Unified Auditing feature,
consolidating all audit trails into a single unified audit trail
Time to Complete
Approximately 30 minutes
The unified auditing facility addresses the following
- Grouping audit options into a simple audit policy
- Allowing simpler action-based audit configurations
- Setting condition-based audit configurations
- Exempting users from being audited
- Merging all audit trails into a single unified audit trail table
- Relying on a read-only audit trail table
- Auditing any operation related to audit configuration
- Auditing any SYS user auditable action
- Separating audit administration duties with audit
administration roles, AUDIT_ADMIN and AUDIT_VIEWER
- Negligible overhead using System Global Area (SGA) queues for accumulating audit records
In this tutorial, you perform the following:
- Use the mixed auditing mode.
- Enable the unified auditing mode.
- Audit RMAN operations like backup, restore and recover.
- Audit Oracle Data Pump operations like export and import.
- Create audit policies to audit privileges, actions and roles under defined conditions.
- Use data dictionary views to display the audit policies and the audited data.
- Disable audit policies.
- Clean up audit data.
Before starting this tutorial, you should:
- Ensure that Oracle Database 12c is installed.
- A database is started.
Using Mixed Auditing Mode
In this topic, you will use the mixed auditing
- When a database is upgraded from a previous release, before you decide to switch to the unified auditing mode, you can use the mixed mode by creating a policy with CREATE AUDIT POLICY command and then enabling it with AUDIT command. If you do not wish to create a new policy, you can simply enable one of the predefined policies - ORA_SECURECONFIG or ORA_ACCOUNT_MGMT or ORA_DATABASE_PARAMETER. Either of this puts the database is mixed auditing mode. The old audit syntax continues to work and the old audit destinations continues to be written to.
- When a database is created, mixed auditing mode is used by
default through the predefined enabled policy ORA_SECURECONFIG.
But unified auditing mode is not yet enabled.
Enabling the Unified Auditing Mode
In this topic, you enable the
unified auditing mode.
Auditing RMAN and Oracle Data Pump Operations
In this topic, you audit Oracle Data Pump and Recovery Manager operations.
Oracle Data Pump Auditing
Creating Audit Policies to Audit Privileges, Actions and
In this topic, you create audit policies to audit operations that
use object and system privileges, roles and perform specific
Privilege Audit Policy
Action Audit Policy
Creating a Role
Mixed Audit Policy
Disabling and Deleting Audit Policies
In this topic, you disable audit policies without dropping them, and then you drop audit policies.
Performing Audit Data Cleanup
In this topic, you clean up all audited data from AUDSYS tables stored in SYSAUX tablespace.
In this tutorial, you have learned how to:
- Use the mixed auditing mode
- Enable the unified auditing mode
- Audit RMAN operations like backup, restore and recover
- Audit Oracle Data Pump operations like export and import
- Create audit policies to audit privileges, actions and roles under defined conditions
- Use data dictionary views to display the audit policies and the audited data
- Disable audit policies
- Clean up audit data
- Oracle Security Guide
- Oracle Database 12c New Features for Administrators course
- Curriculum Developers: Dominique Jeunot, Jean-Francois Verrier
To navigate this Oracle by Example tutorial, note the following:
- Hide Header Buttons:
- Click the title to hide the buttons in the header. To show the buttons again, click the title again.
- Topic List:
- Click a topic to navigate to that section.
- Expand All Topics:
- Click the button to show or hide the details for the sections. By default, all topics are collapsed.
- Hide All Images:
- Click the button to show or hide the screenshots. By default, all images are displayed.
- Click the button to print the content. The content that is currently displayed or hidden is printed.
To navigate to a particular section in this tutorial, select the topic from the list.