1 – Disable
Disable=enable-disable-options
Disables security auditing for the specified audit event classes.
To disable alarms and audits for all classes, specify the All
option. You can also selectively disable alarms and audits for
one or more classes that are currently enabled. You must specify
at least one class when you specify the Disable qualifier. See
the Enable qualifier description for a list of the classes you
can specify with the Disable qualifier.
When you specify audit classes with the Disable qualifier, the
events you specify are immediately disabled. For other audit
events that have not been explicitly disabled with the Disable
qualifier, records continue to be recorded in the security
audit journal and alarms continue to be sent to security-enabled
terminals, as specified.
When processing the RMU Set Audit command, Oracle Rdb processes
the Disable qualifier last. If you accidentally specify both
Enable and Disable for the same event type in the same command,
the Disable qualifier prevails.
2 – Enable
Enable=enable-disable-options
Enables security auditing for the specified audit event classes.
To enable alarms and audits for all events, specify the All
option. You can also selectively enable alarms and audits for
one or more classes that are currently disabled. You must specify
at least one class when you specify the Enable qualifier.
When you specify audit classes with the Enable qualifier, the
audit events you specify are immediately enabled, so that audit
events of currently attached users are recorded in the security
audit journal and alarms are sent to security-enabled terminals,
as specified.
With the Enable and Disable qualifiers, you can specify one or
more of the following six valid class options: All, Daccess,
Daccess=object-type, Identifier=(identifier-list), Protection,
and Rmu. If you specify more than one class, separate the classes
with commas, and enclose the list of classes within parentheses.
The following list provides a description of each option:
o All
Enables or disables all possible audit event classes.
o Daccess
Enables or disables DACCESS (discretionary access) audit
events.
A DACCESS audit event occurs whenever a user issues a command
that causes a check to be made for the existence of the
appropriate privilege in an access privilege set (APS). To
monitor access to a particular database object or group of
objects, use the Daccess=object-type option to specify that a
DACCESS audit record be produced whenever an attempt is made
to access the object.
Specifying the general Daccess option enables or disables the
general DACCESS audit event type. If DACCESS event auditing is
enabled and started for specific objects, auditing takes place
immediately after you issue the RMU Set Audit command with
the Enable=Daccess qualifier. Auditing starts for any users
specified in the Identifier=(identifier-list) option who are
attached to the database when the command is issued.
o Daccess=object-type[=(object name)]/Privileges=(privilege-list)
Allows you to audit access to database objects by users in the
Identifier=(identifier-list) option with the privileges you
specify.
A DACCESS type event record indicates the command issued, the
privilege used by the process issuing the command, and whether
the attempt to access the object was successful.
The object-type option enables or disables DACCESS auditing
for the specified object type. You can specify one or more
object types in an RMU Set Audit command. The three valid
object types are:
- DATABASE
When you specify the DATABASE object type, you must use the
Privileges qualifier to specify one or more privileges to
be audited for the database. Do not specify an object name
with the DATABASE object type.
- TABLE
Specify the TABLE option for both tables and views. When
you specify the TABLE object type, you must specify one or
more table names with the object name parameter. You must
also use the Privileges qualifier to specify one or more
privileges to be audited for the specified tables.
- COLUMN
When you specify the COLUMN object type, you must specify
one or more column names with the object name parameter.
Specify the table name that contains the column by using
the following syntax:
table-name.column-name
If you specify more than one column, separate the list
of table-name.column-names with commas, and enclose the
list within parentheses. You must also use the Privileges
qualifier to specify one or more privileges to be audited
for the specified columns.
The object name parameter enables or disables DACCESS auditing
for the specified object or objects. If you specify more than
one object name, separate the object names with commas, and
enclose the list of object names within parentheses.
If you specify one or more object names, you must select one
or more privileges to audit. Use the Privileges=privilege-list
qualifier to select the privileges that are to be audited for
each of the objects in the object name list when the selected
objects are accessed. The privileges that can be specified
with the Privileges qualifier are listed in DACCESS Privileges
for Database Objects.
Privilege names SUCCESS and FAILURE can be used as a
convenient way to specify that all successful or failed
accesses to that object for all privileges should be audited.
The privilege name All can be used with the Enable or Disable
qualifier to turn on or turn off auditing for all privileges
applicable to the object.
If you specify a privilege that does not apply to an object,
Oracle Rdb allows it, but will not produce any auditing for
that privilege. You can specify only SQL privileges with the
Privileges=(privilege-list) qualifier. The privileges that
can be specified for each Oracle Rdb object type are shown
in DACCESS Privileges for Database Objects. The Relational
Database Operator (RDO) privileges that correspond to
the SQL privileges are included in DACCESS Privileges for
Database Objects to help RDO users select the appropriate SQL
privileges for auditing.
Table 13  DACCESS Privileges for Database Objects

SQL          RDO
Privilege    Privilege       Database   Table/View   Column
-----------  --------------  ---------  -----------  -------
ALTER        CHANGE          Y          Y            N
CREATE       DEFINE          Y          Y            N
DBADM        ADMINISTRATOR   Y          N            N
DBCTRL       CONTROL         Y          Y            N
DELETE       ERASE           N          Y            N
DISTRIBTRAN  DISTRIBTRAN     Y          N            N
DROP         DELETE          Y          Y            N
INSERT       WRITE           N          Y            N
REFERENCES   REFERENCES      N          Y            Y
SECURITY     SECURITY        Y          N            N
SELECT       READ            Y          Y            N
UPDATE       MODIFY          N          Y            Y
SUCCESS      SUCCESS         Y          Y            Y
FAILURE      FAILURE         Y          Y            Y
ALL          ALL             Y          Y            Y
o Identifier=(identifier-list)
Enables or disables auditing of user access to objects listed
in the Enable=Daccess=object-type qualifier. If you do not
specify this option, no users are audited for the DACCESS
event. Any user whose identifier you specify is audited for
accessing the database objects with the privileges specified.
You can specify wildcard characters within the identifiers
to identify groups of users. The [*,*] identifier indicates
public, and causes all users to be audited. If you specify a
nonexistent identifier, you receive an error message.
The order of identifiers in the identifier list is not
significant. A user is audited if he or she holds any of the
identifiers specified in the identifier list.
You can specify user identification code (UIC) identifiers,
general identifiers, and system-defined identifiers in the
identifier list. For more information on identifiers, see the
Oracle Rdb Guide to Database Design and Definition.
If you specify more than one identifier, separate the
identifiers with commas, and enclose the identifier list
within parentheses. UIC identifiers with commas such as
[RDB,JONES] must be enclosed within quotation marks as
follows:
IDENTIFIER=(INTERACTIVE,"[RDB,JONES]",SECRETARIES)
When you use Identifier=(identifier-list) to specify one or
more identifiers to be audited, those identifiers are audited
whenever they access any object for which auditing has been
enabled.
o Protection
Allows you to audit changes made to access privilege sets
for database objects by means of the SQL GRANT and REVOKE
statements.
o Rmu
Audits the use of Oracle RMU commands by users with the
privilege to use them.
3 – Every
Noevery
Sets the granularity of DACCESS event auditing for the database.
When you specify the Every qualifier, every access check
for the specified objects using the specified privilege or
privileges during a database attachment is audited. When you
specify the Noevery qualifier, each user's first access check
for the specified audit objects using the specified privilege
or privileges during a database attachment is audited. The
First qualifier is a synonym for the Noevery qualifier; the two
qualifiers can be used interchangeably.
The default is the Every qualifier.
4 – First
Specifies that when DACCESS event auditing is enabled, each
user's first access check for the specified audit objects
using the specified privilege or privileges during a database
attachment is audited. The First qualifier is a synonym
for the Noevery qualifier; the two qualifiers can be used
interchangeably.
5 – Flush
Noflush
Indicates whether forced writes of audit journal records are
currently enabled for the database. Forced writes will cause
Oracle Rdb to write (flush) the audit journal record immediately
out to disk when the audit record is produced, rather than
waiting for the audit server to flush the audit records at
specified intervals of seconds.
The default is the Noflush qualifier, which flushes audit records
at the configured interval (in seconds). To specify the interval,
use the DCL command SET AUDIT/INTERVAL=JOURNAL_FLUSH=time.
6 – Start
Starts Oracle Rdb security auditing for the database. The Start
qualifier by itself starts both security alarms and security
audit journal records. Also, you can supply the Type=Alarm
qualifier or the Type=Audit qualifier to start security alarms
only or security audit journaling only.
When you specify the Start qualifier, auditing starts immediately
for all audit event classes that are currently enabled. Any
subsequent audit events of currently attached users are recorded
in the security audit journal, or alarms are sent to security-enabled
terminals, or both, depending on what you have specified
for your database.
7 – Stop
Stops Oracle Rdb security auditing for the database. The Stop
qualifier by itself stops both security alarms and security audit
journal records. Also, you can supply the Type=Alarm qualifier or
the Type=Audit qualifier to stop security alarms only or security
audit journaling only.
When you specify the Stop qualifier, the alarms or audits
(or both) of all audit event classes are immediately stopped
(depending on whether you specified the Type=Alarm qualifier,
the Type=Audit qualifier, or neither). The audit event classes
previously specified with the Enable qualifier remain enabled,
and you can start them again by using the Start qualifier.
8 – Type
Type=option
Specifies that security alarms or security audit journal records
(or both) be enabled or disabled. The following options are
available with the Type qualifier:
o Alarm
Causes subsequent qualifiers in the command line (Start, Stop,
Enable, and Disable) to generate or affect security alarm
messages that are sent to all terminals enabled as security
operator terminals.
o Audit
Causes subsequent qualifiers in the command line (Start,
Stop, Enable, and Disable) to generate or affect security
audit journal records that are recorded in the security audit
journal file.
If you do not specify the Type qualifier with the RMU Set
Audit command, Oracle RMU enables or disables both security
alarms and security audit journal records.
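The following DCL procedure is an added example, not taken from the Oracle Rdb documentation, that composes the Enable, Identifier, Every, Flush, Type and Start qualifiers described above into one auditing setup for a database. The database name MF_PERSONNEL, the table EMPLOYEES, the column EMPLOYEES.SALARY_AMOUNT and the identifier PAYROLL_STAFF are assumed names; the command lines follow the qualifier syntax given on this page.

```dcl
$ ! Constructed example: MF_PERSONNEL, EMPLOYEES, EMPLOYEES.SALARY_AMOUNT
$ ! and PAYROLL_STAFF are assumed names, not values from the documentation.
$ !
$ ! 1. Enable the classes that record changes to access privilege sets
$ !    (PROTECTION, i.e. SQL GRANT/REVOKE) and use of Oracle RMU commands.
$ RMU/SET AUDIT/ENABLE=(PROTECTION,RMU) MF_PERSONNEL
$ !
$ ! 2. Enable DACCESS auditing: the general DACCESS class plus SELECT and
$ !    UPDATE on the EMPLOYEES table and UPDATE on one of its columns.
$ !    Only SQL privilege names are accepted in the Privileges list.
$ RMU/SET AUDIT/ENABLE=(DACCESS, -
      DACCESS=TABLE=(EMPLOYEES)/PRIVILEGES=(SELECT,UPDATE), -
      DACCESS=COLUMN=(EMPLOYEES.SALARY_AMOUNT)/PRIVILEGES=(UPDATE)) -
      MF_PERSONNEL
$ !
$ ! 3. Name the identifiers whose access is audited. Without an
$ !    Identifier list no user is audited for DACCESS events. The UIC
$ !    identifier contains a comma, so it must be quoted.
$ RMU/SET AUDIT/ENABLE=(IDENTIFIER=(PAYROLL_STAFF,"[RDB,JONES]")) -
      MF_PERSONNEL
$ !
$ ! 4. Audit every access check per attachment (Every is the default but
$ !    is made explicit here) and force each record to disk at once, so
$ !    records are not lost if the attached process dies before the audit
$ !    server's next timed flush.
$ RMU/SET AUDIT/EVERY/FLUSH MF_PERSONNEL
$ !
$ ! 5. Start audit journaling only; security alarms to operator terminals
$ !    stay stopped. /START without /TYPE would start both.
$ RMU/SET AUDIT/TYPE=AUDIT/START MF_PERSONNEL
$ !
$ ! To pause later without losing the configuration: the enabled classes
$ ! remain enabled after /STOP and /START resumes them.
$ RMU/SET AUDIT/STOP MF_PERSONNEL
```

Because the Disable qualifier is processed last, a later command such as RMU/SET AUDIT/DISABLE=(DACCESS=COLUMN=(EMPLOYEES.SALARY_AMOUNT)/PRIVILEGES=(UPDATE)) MF_PERSONNEL removes only that column entry and leaves the table and class entries in place.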