Fine Grain Auditing.

Links

Frequent Oracle Errors

•	TNS:could not resolve the connect identifier specified
•	Backtrace message unwound by exceptions
•	invalid identifier
•	PL/SQL compilation error
•	internal error
•	missing expression
•	table or view does not exist
•	end-of-file on communication channel
•	TNS:listener unknown in connect descriptor
•	insufficient privileges
•	PL/SQL: numeric or value error string
•	TNS:protocol adapter error
•	ORACLE not available
•	target host or object does not exist
•	invalid number
•	unable to allocate string bytes of shared memory
•	resource busy and acquire with NOWAIT specified
•	error occurred at recursive SQL level string
•	ORACLE initialization or shutdown in progress
•	archiver error. Connect internal only, until freed
•	snapshot too old
•	unable to extend temp segment by string in tablespace
•	Credential retrieval failed
•	missing or invalid option
•	invalid username/password; logon denied
•	unable to create INITIAL extent for segment
•	out of process memory when trying to allocate string bytes
•	shared memory realm does not exist
•	cannot insert NULL
•	TNS:unable to connect to destination
•	remote database not found'>ora-02019
•	exception encountered: core dump
•	inconsistent datatypes
•	no data found
•	TNS:operation timed out
•	PL/SQL: could not find program
•	existing state of packages has been discarded
•	maximum number of processes exceeded
•	error signaled in parallel query server
•	ORACLE instance terminated. Disconnection forced
•	TNS:packet writer failure
•	see ORA-12699
•	missing right parenthesis
•	name is already used by an existing object
•	cannot identify/lock data file
•	invalid file operation
•	quoted string not properly terminated

Fine Grain Auditing.

Fine Grain Auditing.

2004-06-18 - By Jonathan Lewis

Reply: 1 2 3 4 5 6 7 8

For DDL the easiest option is to create database triggers:

create Or replace trigger before_drop
before drop
on test_user.schema
begin
raise_application_error(-20001, 'Dropping tables is naughty ');
end;
/

drop table t1;

drop table t1
*
ERROR at line 1:
ORA-00604 (See ORA-00604.ora-code.com): error occurred at recursive SQL level 1
ORA-20001 (See ORA-20001.ora-code.com): Dropping tables is naughty
ORA-06512 (See ORA-06512.ora-code.com): at line 2

Desc T1

Name Null? Type
-- ---- ---- ---- -- ----- -- ---- ----
N1 NUMBER
V1 VARCHAR2(10)
D1 DATE

It 's still there - but you could have use some of the
built-in functions for a more generic 'before DDL '
trigger to find out the command, object name, owner,
etc. and write the details into a log table using an
autonomous transaction.

The overheads of FGA are potentially disastrous,
and the exercise is probably a total waste of time.

Regards

Jonathan Lewis

http://www.jlcomp.demon.co.uk

http://www.jlcomp.demon.co.uk/faq/ind_faq.html
The Co-operative Oracle Users ' FAQ

http://www.jlcomp.demon.co.uk/seminar.html
Optimising Oracle Seminar - schedule updated May 1st

-- -- Original Message -- --
From: "Patamalla, Chaya " <chaya.patamalla@(protected) >
To: <oracle-l@(protected) >
Sent: Tuesday, June 15, 2004 7:58 PM
Subject: Fine Grain Auditing.

Has any one worked with Oracle 's Fine Grain Auditing.
What is the performance overhead.
Also, has anyone asked for auditing DDL? We are getting requirements
about auditing DDL functionality.

Thanks
Chaya Patamalla
I/T Sr.Database Administrator

-- "The opinions expressed herein are solely the author 's and are not
necessarily the opinion of USAA. " --

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe send email to: oracle-l-request@(protected)
put 'unsubscribe ' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- --