Example 1
In the following example, the first command enables alarms
for the RMU and PROTECTION classes. The second command shows
that alarms for the RMU and PROTECTION classes are enabled but
not yet started. The AUDIT class is always enabled and cannot
be disabled. The third command starts alarms for the RMU and
PROTECTION classes. The fourth command shows that alarms for the
RMU and PROTECTION classes are enabled and started.
$ ! Enable alarms for RMU and PROTECTION classes:
$ RMU/SET AUDIT/TYPE=ALARM/ENABLE=(RMU,PROTECTION) MF_PERSONNEL
$ !
$ ! Show that alarms are enabled, but not yet started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Start alarms for the enabled RMU and PROTECTION classes:
$ RMU/SET AUDIT/START/TYPE=ALARM MF_PERSONNEL
$ !
$ ! Show that alarms are started for the RMU and PROTECTION classes:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (enabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 2
In this example, the first command shows that alarms are started
and enabled for the RMU class. The second command disables alarms
for the RMU class. The third command shows that alarms for RMU
class are disabled.
$ ! Show that alarms are enabled and started for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (enabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
$ ! Disable alarms for the RMU class:
$ RMU/SET AUDIT/TYPE=ALARM/DISABLE=RMU MF_PERSONNEL
$ !
$ ! Show that alarms are disabled for the RMU class:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
None
Example 3
In this example, the first command enables auditing for users
with the [SQL,USER1] and [RDB,USER2] identifiers. The second
command shows the enabled identifiers. The third command enables
DACCESS checks requiring SELECT and INSERT privileges for the
EMPLOYEES and COLLEGES tables. The fourth command displays the
DACCESS checks that have been specified for the COLLEGES and
EMPLOYEES tables. Note that because the general DACCESS type has
not been enabled, DACCESS for the EMPLOYEES and COLLEGES tables
is displayed as disabled.
$ ! Enable auditing for users with the [SQL,USER1] and
$ ! [RDB,USER2] identifiers:
$ RMU/SET AUDIT/ENABLE=IDENTIFIER=("[SQL,USER1]","[RDB,USER2]") -
_$ MF_PERSONNEL
$ !
$ ! Show that [SQL,USER1] and [RDB,USER2] are enabled identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=[RDB,USER2])
$ ! Enable and start DACCESS checks for the SELECT and INSERT
$ ! privileges for the COLLEGES and EMPLOYEES tables:
$ RMU/SET AUDIT/ENABLE=DACCESS=TABLE=(COLLEGES,EMPLOYEES) -
_$ /PRIVILEGES=(SELECT,INSERT)/START MF_PERSONNEL
$ !
$ ! Display the DACCESS checks that are enabled and
$ ! started for the COLLEGES and EMPLOYEES tables:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Security alarms STARTED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(SELECT,INSERT)
TABLE : COLLEGES
(SELECT,INSERT)
Example 4
In this example, the first command enables auditing of the JOBS
and EMPLOYEES tables for DACCESS checks for users with the
[SQL,USER1] or BATCH identifier. The Privileges=All qualifier
specifies that auditing will be produced for every privilege.
The second command shows that auditing is enabled for users
with the [SQL,USER1] or BATCH identifier. The third command
shows that DACCESS checking for the JOBS and EMPLOYEES tables
for all privileges is specified. The fourth command enables the
general DACCESS class. The fifth command's output shows that the
general DACCESS class is now enabled. The sixth command starts
the auditing that is enabled, and the seventh command shows that
the enabled auditing is started.
$ ! Enable DACCESS checks for users with the [SQL,USER1] or
$ ! BATCH identifier for the JOBS and EMPLOYEES tables:
$ RMU/SET AUDIT/TYPE=AUDIT -
_$ /ENABLE=(IDENTIFIER=("[SQL,USER1]",BATCH), -
_$ DACCESS=TABLE=(JOBS,EMPLOYEES)) /PRIVILEGES=ALL MF_PERSONNEL
$ !
$ ! Show that auditing is enabled for users with the [SQL,USER1]
$ ! or BATCH identifiers:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Security alarms STOPPED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (disabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
$ ! Show that DACCESS checking for all privileges for the
$ ! JOBS and EMPLOYEES tables is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (disabled)
$ ! Enable the general DACCESS class:
$ RMU/SET AUDIT/ENABLE=DACCESS MF_PERSONNEL
$ !
$ ! Show that the general DACCESS class is enabled:
$ RMU/SHOW AUDIT/DACCESS=TABLE MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (enabled)
TABLE : EMPLOYEES
(ALL)
TABLE : JOBS
(ALL)
Security alarms STOPPED for:
DACCESS (enabled)
$ ! Start the auditing that is enabled:
$ RMU/SET AUDIT/START MF_PERSONNEL
$ !
$ ! Show that the enabled auditing is started:
$ RMU/SHOW AUDIT/ALL MF_PERSONNEL
Security auditing STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Security alarms STARTED for:
PROTECTION (disabled)
RMU (disabled)
AUDIT (enabled)
DACCESS (enabled)
Audit flush is disabled
Audit every access
Enabled identifiers:
(IDENTIFIER=[SQL,USER1])
(IDENTIFIER=BATCH)
Example 5
In this example, the first command enables DACCESS checks
requiring the INSERT privilege for the mf_personnel database,
for the EMPLOYEES table, and for the EMPLOYEE_ID column of the
EMPLOYEES table. The second command shows that the DACCESS check
for the INSERT privilege is enabled for the specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! MF_PERSONNEL database, EMPLOYEES table, and EMPLOYEE_ID
$ ! column of the EMPLOYEES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(DATABASE,TABLE=EMPLOYEES, -
_$ COLUMN=EMPLOYEES.EMPLOYEE_ID) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
Example 6
In this example, the first command enables a DACCESS check
requiring the INSERT privilege for the EMPLOYEES and COLLEGES
tables, as well as for the EMPLOYEE_ID and LAST_NAME columns of
the EMPLOYEES table and the COLLEGE_CODE column of the COLLEGES
table in the mf_personnel database. The second command shows that
the DACCESS check for the INSERT privilege is enabled for the
specified objects.
$ ! Enable a DACCESS check for the INSERT privilege for the
$ ! EMPLOYEES and COLLEGES table, the LAST_NAME and EMPLOYEE_ID
$ ! column of the EMPLOYEES table, and the COLLEGE_CODE column
$ ! of the COLLEGES table:
$ RMU/SET AUDIT -
_$ /ENABLE=DACCESS=(TABLE=(EMPLOYEES,COLLEGES), -
_$ COLUMN=(EMPLOYEES.EMPLOYEE_ID, -
_$ EMPLOYEES.LAST_NAME, -
_$ COLLEGES.COLLEGE_CODE)) -
_$ /PRIVILEGES=(INSERT) MF_PERSONNEL
$ !
$ ! Show that the DACCESS check for the INSERT privilege is
$ ! enabled for the specified objects. (The general DACCESS
$ ! class remains disabled until you issue an
$ ! RMU/SET AUDIT/ENABLE=Daccess command without specifying
$ ! any object-type parameter to the Daccess option.
$ ! See the fourth Oracle RMU command in Example 4.)
$ !
$ RMU/SHOW AUDIT/DACCESS=(DATABASE,TABLE,COLUMN) MF_PERSONNEL
Security auditing STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)
Security alarms STOPPED for:
DACCESS (disabled)
DATABASE
(NONE)
TABLE : COLLEGES
(INSERT)
TABLE : EMPLOYEES
(INSERT)
COLUMN : COLLEGES.COLLEGE_CODE
(INSERT)
COLUMN : EMPLOYEES.EMPLOYEE_ID
(INSERT)
COLUMN : EMPLOYEES.LAST_NAME
(INSERT)