Enables Oracle Rdb security auditing. When security auditing is
enabled, Oracle Rdb sends security alarm messages to terminals
that have been enabled as security operators and makes entries
in the database's security audit journal whenever specified audit
events are detected.
1 – Description
The RMU Set Audit command is the Oracle Rdb equivalent to the
DCL SET AUDIT command. Because Oracle Rdb security auditing uses
many OpenVMS system-level auditing mechanisms, certain auditing
characteristics (such as /FAILURE_MODE) can only be set and
modified by using the DCL SET AUDIT command, which requires the
OpenVMS SECURITY privilege.
2 – Format
(B)0[mRMU/Set Audit root-file-spec
[4mCommand[m [4mQualifiers[m x [4mDefaults[m
x
/Disable=enable-disable-options x See description
/Enable=enable-disable-options x See description
/[No]Every x /Every
/First x Synonym for /Noevery
/[No]Flush x /Noflush
/Start x See description
/Stop x See description
/Type={Alarm|Audit} x Alarm and Audit
3 – Parameters
3.1 – root-file-spec
The file specification of the database root for which auditing
information will be modified.
4 – Command Qualifiers
4.1 – Disable
Disable=enable-disable-options
Disables security auditing for the specified audit event classes.
To disable alarms and audits for all classes, specify the All
option. You can also selectively disable alarms and audits for
one or more classes that are currently enabled. You must specify
at least one class when you specify the Disable qualifier. See
the Enable qualifier description for a list of the classes you
can specify with the Disable qualifier.
When you specify audit classes with the Disable qualifier, the
events you specify are immediately disabled. For other audit
events that have not been explicitly disabled with the Disable
qualifier, records continue to be recorded in the security
audit journal and alarms continue to be sent to security-enabled
terminals, as specified.
When processing the RMU Set Audit command, Oracle Rdb processes
the Disable qualifier last. If you accidentally specify both
Enable and Disable for the same event type in the same command,
the Disable qualifier prevails.
4.2 – Enable
Enable=enable-disable-options
Enables security auditing for the specified audit event classes.
To enable alarms and audits for all events, specify the All
option. You can also selectively enable alarms and audits for
one or more classes that are currently disabled. You must specify
at least one class when you specify the Enable qualifier.
When you specify audit classes with the Enable qualifier, the
audit events you specify are immediately enabled, so that audit
events of currently attached users are recorded in the security
audit journal and alarms are sent to security-enabled terminals,
as specified.
With the Enable and Disable qualifiers, you can specify one or
more of the following six valid class options: All, Daccess,
Daccess=object-type, Identifier=(identifier-list), Protection,
and Rmu. If you specify more than one class, separate the classes
with commas, and enclose the list of classes within parentheses.
The following list provides a description of each option:
o All
Enables or disables all possible audit event classes.
o Daccess
Enables or disables DACCESS (discretionary access) audit
events.
A DACCESS audit event occurs whenever a user issues a command
that causes a check to be made for the existence of the
appropriate privilege in an access privilege set (APS). To
monitor access to a particular database object or group of
objects, use the Daccess=object-type option to specify that a
DACCESS audit record be produced whenever an attempt is made
to access the object.
Specifying the general Daccess option enables or disables the
general DACCESS audit event type. If DACCESS event auditing is
enabled and started for specific objects, auditing takes place
immediately after you issue the RMU Set Audit command with
the Enable=Daccess qualifier. Auditing starts for any users
specified in the Identifier=(identifier-list) option who are
attached to the database when the command is issued.
o Daccess=object-type[=(object name)]/Privileges=(privilege-
list)
Allows you to audit access to database objects by users in the
Identifier=(identifier-list) option with the privileges you
specify.
A DACCESS type event record indicates the command issued, the
privilege used by the process issuing the command, and whether
the attempt to access the object was successful.
The object-type option enables or disables DACCESS auditing
for the specified object type. You can specify one or more
object types in an RMU Set Audit command. The three valid
object types are:
- DATABASE
When you specify the DATABASE object type, you must use the
Privileges qualifier to specify one or more privileges to
be audited for the database. Do not specify an object name
with the DATABASE object type.
- TABLE
Specify the TABLE option for both tables and views. When
you specify the TABLE object type, you must specify one or
more table names with the object name parameter. You must
also use the Privileges qualifier to specify one or more
privileges to be audited for the specified tables.
- COLUMN
When you specify the COLUMN object type, you must specify
one or more column names with the object name parameter.
Specify the table name that contains the column by using
the following syntax:
table-name.column-name
If you specify more than one column, separate the list
of table-name.column-names with commas, and enclose the
list within parentheses. You must also use the Privileges
qualifier to specify one or more privileges to be audited
for the specified columns.
The object name parameter enables or disables DACCESS auditing
for the specified object or objects. If you specify more than
one object name, separate the object names with commas, and
enclose the list of object names within parentheses.
If you specify one or more object names, you must select one
or more privileges to audit. Use the Privileges=privilege-list
qualifier to select the privileges that are to be audited for
each of the objects in the object name list when the selected
objects are accessed. The privileges that can be specified
with the Privileges qualifier are listed in DACCESS Privileges
for Database Objects.
Privilege names SUCCESS and FAILURE can be used as a
convenient way to specify that all successful or failed
accesses to that object for all privileges should be audited.
The privilege name All can be used with the Enable or Disable
qualifier to turn on or turn off auditing for all privileges
applicable to the object.
If you specify a privilege that does not apply to an object,
Oracle Rdb allows it, but will not produce any auditing for
that privilege. You can specify only SQL privileges with the
Privileges=(privilege-list) qualifier. The privileges that
can be specified for each Oracle Rdb object type are shown
in DACCESS Privileges for Database Objects. The Relational
Database Operator (RDO) privileges that correspond to
the SQL privileges are included in DACCESS Privileges for
Database Objects to help RDO users select the appropriate SQL
privileges for auditing.
Table 13 DACCESS Privileges for Database Objects
SQL RDO
Privilege Privilege Database Table/ViColumn
ALTER CHANGE Y Y N
CREATE DEFINE Y Y N
DBADM ADMINISTRATOR Y N N
DBCTRL CONTROL Y Y N
DELETE ERASE N Y N
DISTRIBTRAN DISTRIBTRAN Y N N
DROP DELETE Y Y N
INSERT WRITE N Y N
REFERENCES REFERENCES N Y Y
SECURITY SECURITY Y N N
SELECT READ Y Y N
UPDATE MODIFY N Y Y
SUCCESS SUCCESS Y Y Y
FAILURE FAILURE Y Y Y
ALL ALL Y Y Y
o Identifier=(identifier-list)
Enables or disables auditing of user access to objects listed
in the Enable=Daccess=object-type qualifier. If you do not
specify this option, no users are audited for the DACCESS
event. Any user whose identifier you specify is audited for
accessing the database objects with the privileges specified.
You can specify wildcard characters within the identifiers
to identify groups of users. The [*,*] identifier indicates
public, and causes all users to be audited. If you specify a
nonexistent identifier, you receive an error message.
The order of identifiers in the identifier list is not
significant. A user is audited if he or she holds any of the
identifiers specified in the identifier list.
You can specify user identification code (UIC) identifiers,
general identifiers, and system-defined identifiers in the
identifier list. For more information on identifiers, see the
Oracle Rdb Guide to Database Design and Definition.
If you specify more than one identifier, separate the
identifiers with commas, and enclose the identifier list
within parentheses. UIC identifiers with commas such as
[RDB,JONES] must be enclosed within quotation marks as
follows:
IDENTIFIER=(INTERACTIVE,"[RDB,JONES]",SECRETARIES)
When you use Identifier=(identifier-list) to specify one or
more identifiers to be audited, those identifiers are audited
whenever they access any object for which auditing has been
enabled.
o Protection
Allows you to audit changes made to access privilege sets
for database objects by means of the SQL GRANT and REVOKE
statements.
o Rmu
Audits the use of Oracle RMU commands by users with the
privilege to use them.
4.3 – Every
Noevery
Sets the granularity of DACCESS event auditing for the database.
When you specify the Every qualifier, every access check
for the specified objects using the specified privilege or
privileges during a database attachment is audited. When you
specify the Noevery qualifier, each user's first access check
for the specified audit objects using the specified privilege
or privileges during a database attachment is audited. The
First qualifier is a synonym for the Noevery qualifier; the two
qualifiers can be used interchangeably.
The default is the Every qualifier.
4.4 – First
Specifies that when DACCESS event auditing is enabled, each
user's first access check for the specified audit objects
using the specified privilege or privileges during a database
attachment is audited. The First qualifier is a synonym
for the Noevery qualifier; the two qualifiers can be used
interchangeably.
4.5 – Flush
Noflush
Indicates whether forced writes of audit journal records are
currently enabled for the database. Forced writes will cause
Oracle Rdb to write (flush) the audit journal record immediately
out to disk when the audit record is produced, rather than
waiting for the audit server to flush the audit records at
specified intervals of seconds.
The default is the Noflush qualifier, which flushes audit records
every interval of seconds. To specify the interval, use the DCL
command SET AUDIT/INTERVAL=JOURNAL_FLUSH=time.
4.6 – Start
Starts Oracle Rdb security auditing for the database. The Start
qualifier by itself starts both security alarms and security
audit journal records. Also, you can supply the Type=Alarm
qualifier or the Type=Audit qualifier to start security alarms
only or security audit journaling only.
When you specify the Start qualifier, auditing starts immediately
for all audit event classes that are currently enabled. Any
subsequent audit events of currently attached users are recorded
in the security audit journal, or alarms are sent to security-
enabled terminals, or both, depending on what you have specified
for your database.
4.7 – Stop
Stops Oracle Rdb security auditing for the database. The Stop
qualifier by itself stops both security alarms and security audit
journal records. Also, you can supply the Type=Alarm qualifier or
the Type=Audit qualifier to stop security alarms only or security
audit journaling only.
When you specify the Stop qualifier, the alarms or audits
(or both) of all audit event classes are immediately stopped
(depending on whether you specified the Type=Alarm qualifier,
the Type=Audit qualifier, or neither). The audit event classes
previously specified with the Enable qualifier remain enabled,
and you can start them again by using the Start qualifier.
4.8 – Type
Type=option
Specifies that security alarms or security audit journal records
(or both) be enabled or disabled. The following options are
available with the Type qualifier:
o Alarm
Causes subsequent qualifiers in the command line (Start, Stop,
Enable, and Disable) to generate or affect security alarm
messages that are sent to all terminals enabled as security
operator terminals.
o Audit
Causes subsequent qualifiers in the command line (Start,
Stop, Enable, and Disable) to generate or affect security
audit journal records that are recorded in the security audit
journal file.
If you do not specify the Type qualifier with the RMU Set
Audit command, Oracle RMU enables or disables both security
alarms and security audit journal records.
5 – Usage Notes
o To use the RMU Set Audit command for a database, you must
have the RMU$SECURITY privilege in the root file ACL for the
database or the OpenVMS SECURITY or BYPASS privilege.
o Audit journal records collected on a database can be stored
only in the database from which they were collected. The
database name specified with the RMU Load command with the
Audit qualifier identifies to Oracle Rdb both the audit
records to be loaded and the database into which they are
to be loaded.
o There is very little overhead associated with security
auditing; no extra disk I/O is involved. Therefore, you need
not be concerned about the impact to database performance
should you decide to enable security auditing.
o You can use the Daccess=object-type option to enable DACCESS
checking for specific objects, but the general DACCESS class
is not enabled until you explicitly enable it by using the
Enable=Daccess qualifier with the RMU Set Audit command.
Also, you need to use the Start qualifier with the RMU Set
Audit command to start the auditing and alarms that have been
enabled.
o Alarms are useful for real-time tracking of auditing
information. At the moment an alarm occurs, text messages
regarding the alarm are displayed on security-enabled
terminals.
To enable a terminal to receive Oracle Rdb security alarms,
enter the DCL REPLY/ENABLE=SECURITY command. You must have
both the OpenVMS SECURITY and OpenVMS OPER privileges to use
the REPLY/ENABLE=SECURITY command.
o Audit records are useful for periodic reviews of security
events. Audit records are stored in a security audit journal
file, and can be reviewed after they have been loaded into
a database table with the RMU Load command with the Audit
qualifier. Use the DCL SHOW AUDIT/JOURNAL command to determine
the security audit journal file being used by your database.
o The AUDIT class is always enabled for both alarms and audit
records, but does produce any alarms or audit records until
auditing is started. The AUDIT class cannot be disabled.
o When you specify the Daccess=object-type option and
one or more other options in an options list, the
Privileges=(privilege-list) qualifier must begin after the
closing parenthesis for the options list.
o To display the results of an RMU Set Audit command, enter the
RMU Show Audit command.
o You can use the Disable and Enable qualifiers with indirect
file references. See the Indirect-Command-Files help entry for
more information.
o When the RMU Set Audit command is issued for a closed
database, the command executes without other users being able
to attach to the database.
6 – Examples
Example 1
In the following example, the first command enables alarms
for the RMU and PROTECTION classes. The second command shows
that alarms for the RMU and PROTECTION classes are enabled but
not yet started. The AUDIT class is always enabled and cannot
be disabled. The third command starts alarms for the RMU and
PROTECTION classes. The fourth command shows that alarms for the
RMU and PROTECTION classes are enabled and started.
$ ! Enable alarms for RMU and PROTECTION classes:
$ RMU/SET AUDIT/TYPE=ALARM/ENABLE=(RMU,PROTECTION) MF_PERSONNEL
$ !
$ ! Show that alarms are enabled, but not yet started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Start alarms for the enabled RMU and PROTECTION classes:
$ RMU/SET AUDIT/START/TYPE=ALARM MF_PERSONNEL
$ !
$ ! Show that alarms are started for the RMU and PROTECTION classes:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 2
In this example, the first command shows that alarms are started
and enabled for the RMU class. The second command disables alarms
for the RMU class. The third command shows that alarms for RMU
class are disabled.
$ ! Show that alarms are enabled and started for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Disable alarms for the RMU class:
$ RMU/SET AUDIT/TYPE=ALARM/DISABLE=RMU MF_PERSONNEL
$ !
$ ! Show that alarms are disabled for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 3
In this example, the first command enables auditing for users
with the [SQL,USER1] and [RDB,USER2] identifiers. The second
command shows the enabled identifiers. The third command enables
DACCESS checks requiring SELECT and INSERT privileges for the
EMPLOYEES and COLLEGES tables. The fourth command displays the
DACCESS checks that have been specified for the COLLEGES and
EMPLOYEES tables. Note that because the general DACCESS type has
not been enabled, DACCESS for the EMPLOYEES and COLLEGES tables
is displayed as disabled.
$ ! Enable auditing for users with the [SQL,USER1] and
$ ! [RDB,USER2] identifiers:
$ RMU/SET AUDIT/ENABLE=IDENTIFIER=("[SQL,USER1]","[RDB,USER2]") -
_$ MF_PERSONNEL
$ !
$ ! Show that [SQL,USER1] and [RDB,USER2] are enabled identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=[RDB,USER2])
$ ! Enable and start DACCESS checks for the SELECT and INSERT
$ ! privileges for the COLLEGES and EMPLOYEES tables:
$ RMU/SET AUDIT/ENABLE=DACCESS=TABLE=(COLLEGES,EMPLOYEES) -
_$ /PRIVILEGES=(SELECT,INSERT)/START MF_PERSONNEL
$ !
$ ! Display the DACCESS checks that are enabled and
$ ! started for the COLLEGES and EMPLOYEES tables:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Security alarms STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Example 4
In this example, the first command enables auditing of the JOBS
and EMPLOYEES tables for DACCESS checks for users with the
[SQL,USER1] or BATCH identifier. The Privileges=All qualifier
specifies that auditing will be produced for every privilege.
The second command shows that auditing is enabled for users
with the [SQL,USER1] or BATCH identifier. The third command
shows that DACCESS checking for the JOBS and EMPLOYEES tables
for all privileges is specified. The fourth command enables the
general DACCESS class. The fifth command's output shows that the
general DACCESS class is now enabled. The sixth command starts
the auditing that is enabled, and the seventh command shows that
the enabled auditing is started.
$ ! Enable DACCESS checks for users with the [SQL,USER1] or
$ ! BATCH identifier for the JOBS and EMPLOYEES tables:
$ RMU/SET AUDIT/TYPE=AUDIT -
_$ /ENABLE=(IDENTIFIER=("[SQL,USER1]",BATCH), -
_$ DACCESS=TABLE=(JOBS,EMPLOYEES)) /PRIVILEGES=ALL MF_PERSONNEL
$ !
$ ! Show that auditing is enabled for users with the [SQL,USER1]
$ ! or BATCH identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
$ ! Show that DACCESS checking for all privileges for the
$ ! JOBS and EMPLOYEES tables is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (disabled)
$ ! Enable the general DACCESS class:
$ RMU/SET AUDIT/ENABLE=DACCESS MF_PERSONNEL
$ !
$ ! Show that the general DACCESS class is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (enabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (enabled)
$ ! Start the auditing that is enabled:
$ RMU/SET AUDIT/START MF_PERSONNEL
$ !
$ ! Show that the enabled auditing is started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
Example 5
In this example, the first command enables DACCESS checks
requiring the INSERT privilege for the mf_personnel database,
for the EMPLOYEES table, and for the EMPLOYEE_ID column of the
EMPLOYEES table. The second command shows that the DACCESS check
for the INSERT privilege is enabled for the specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! MF_PERSONNEL database, EMPLOYEES table, and EMPLOYEE_ID
$ ! column of the EMPLOYEES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(DATABASE,TABLE=EMPLOYEES, -
_$ COLUMN=EMPLOYEES.EMPLOYEE_ID) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Example 6
In this example, the first command enables a DACCESS check
requiring the INSERT privilege for the EMPLOYEES and COLLEGES
tables, as well as for the EMPLOYEE_ID and LAST_NAME columns of
the EMPLOYEES table and the COLLEGE_CODE column of the COLLEGES
table in the mf_personnel database. The second command shows that
the DACCESS check for the INSERT privilege is enabled for the
specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! EMPLOYEES and COLLEGES table, the LAST_NAME and EMPLOYEE_ID
$ ! column of the EMPLOYEES table, and the COLLEGE_CODE column
$ ! of the COLLEGES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(TABLE=(EMPLOYEES,COLLEGES), -
_$ COLUMN=(EMPLOYEES.EMPLOYEE_ID, -
_$ EMPLOYEES.LAST_NAME, -
_$ COLLEGES.COLLEGE_CODE)) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)