Oracle8: Database Administration 20-29 . Summary Quick Reference Context Reference Initialization parameters None Dynamic performance views None Data dictionary views DBA_ROLES DBA_ROLE_PRIVS DBA_SYS_PRIVS ROLE_ROLE_PRIVS ROLE_SYS_PRIVS ROLE_TAB_PRIVS SESSION_ROLES Commands CREATE_ROLE ALTER ROLE DROP ROLE SET ROLE ALTER USER DEFAULT ROLES GRANT REVOKE Packaged procedures and functions DBMS_SESSION.SET_ROLE 20-30 Oracle8: Database Administration . Lesson 20: Managing Roles 21 Auditing 21-2 Oracle8: Database Administration . Lesson 21: Auditing Instructor Note Topic Timing Lecture 30 minutes Practice 0 minutes Total 30 minutes Oracle8: Database Administration 21-3 . Objectives Objectives 21-2 Copyright  Oracle Corporation, 1998. All rights reserved. Session Objectives • Differentiating between database auditing and value-based auditing • Using database auditing • Viewing enabled auditing options • Retrieving and maintaining auditing information 21-4 Oracle8: Database Administration . Lesson 21: Auditing Overview Auditing of Privileged Operations The Oracle server will always audit the following database related actions into the system audit trail: • Instance startup: An audit record is generated that details the OS user starting the instance, terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. • Instance shutdown: An audit record is generated that details the OS user shutting down the instance, terminal identifier, the date and time stamp. • Connections to the database with administrator privileges: An audit record is generated that details the OS user connecting to Oracle as SYSOPER or SYSDBA, to provide accountability of users with administrator privileges. Database Auditing Database auditing is the monitoring and recording of selected user database actions. Information about the event is stored in the audit trail. 21-3 Copyright  Oracle Corporation, 1998. All rights reserved. Auditing Categories • Auditing privileged operations – Always audited – Startup, shutdown, and SYSDBA connections • Database auditing – Enabled by DBA – Cannot record column values • Value-based or application auditing – Implemented through code – Can record column values – Used to track changes to tables Oracle8: Database Administration 21-5 . Overview The audit trail can be used to investigate suspicious activity. For example, if an unauthorized user is deleting data from tables, the database administrator may decide to audit all connections to the database in conjunction with successful and unsuccessful deletions of rows from tables in the database. Auditing might also be used to monitor and gather data about specific database activities. For example, the database administrator can gather statistics about which tables are being updated, how many logical I/Os are performed, and how many concurrent users connect at peak times. Value-Based Auditing Database auditing cannot record column values. If the changes to database columns need to be tracked and column values need to be stored for each change, use application auditing. Application auditing can be done either through client code, stored procedures, or database triggers. Instructor Note Demonstrate auditing the Windows NT audit trail: 1 Connect as SYSDBA. 2 Start—>Programs—>Administrative Tools—>Event Viewer. 3 From the Event Viewer menu, select Log—>Application. (Application is the type of log record that Oracle creates in NT). The Event Viewer will show the list of application auditing events. 4 To display the last Oracle event, double-click on the first event with a source of Oracle80.orcl. Since startups, shutdowns, and connect internals are always audited, you will see these events, even if auditing is not enabled in the parameter file. Also show the audit files in AUDIT_FILE_DEST on UNIX. 21-6 Oracle8: Database Administration . Lesson 21: Auditing Value-Based Auditing Using Triggers: An Example The slide shows an example of a script that can be used to create a trigger to perform value-based auditing. This trigger stores the old and new column values, the name of the user making the change, and the time stamp whenever changes are made to the employee table. Database auditing is a database administrator task, and, therefore, is the main focus of this lesson. 21-4 Copyright  Oracle Corporation, 1998. All rights reserved. CREATE TRIGGER scott.audit_employee AFTER INSERT OR DELETE OR UPDATE ON scott.emp FOR EACH ROW BEGIN INSERT INTO scott.audit_employee VALUES ( :OLD.empno, :OLD.name,…, :NEW.empno, :NEW.name,…, USER, SYSDATE); END; Value-Based Auditing: An Example Oracle8: Database Administration 21-7 . Using Database Auditing Using Database Auditing The database administrator requires a clearly defined purpose for auditing. If not, the amount of auditing information generated may cause the audit trail to grow uncontrollably with insignificant information. Enable Database Auditing Once you have decided what to audit, you set the AUDIT_TRAIL initialization parameter to enable auditing for the instance. This parameter indicates whether the audit trail is written to a database table or the operating system audit trail. Specify Audit Options Next, you set specific auditing options using the AUDIT command. With the AUDIT command, you indicate which commands, users, objects, or privileges to audit. You can also indicate whether an audit record should be generated for each occurrence or once per session. If an auditing option is no longer required, you can turn off the option with the NOAUDIT command. 21-5 Copyright  Oracle Corporation, 1998. All rights reserved. Database Auditing Audit trail Audit options Other tables Parameter file Enable DB auditing DBA Specify audit options Database User Execute command Generate audit trail Review audit information Server process 21-8 Oracle8: Database Administration . Lesson 21: Auditing Execution of Statements When users execute PL/SQL and SQL statements, the server process examines the auditing options to determine if the statement being executed should generate an audit record. SQL statements inside PL/SQL program units are individually audited, as necessary, when the program unit is executed. Because views and procedures may refer to other database objects, several audit records may be generated as the result of executing a single statement. Generating Audit Data The generation and insertion of an audit trail record is independent of a user’s transaction; therefore, if a user’s transaction is rolled back, the audit trail record remains intact. Since the audit record is generated during the execute phase, a syntax error, which occurs during the parse phase, will not cause an audit trail record to be generated. Reviewing Audit Information Examine the information generated during auditing by selecting from the audit trail data dictionary views or by using an operating system utility to view the operating system audit trail. This information is used to investigate suspicious activity and to monitor database activity. [...]... Oracle8 : Database Administration 21 -23 Lesson 21 : Auditing 21 -24 Oracle8 : Database Administration 22 Using National Language Support Lesson 22 : Using National Language Support Instructor Note Topic Lecture Timing 30 minutes Practice 15 minutes Total 45 minutes 22 -2 Oracle8 : Database Administration Objectives... up to 1 28 ( =27 ) characters; single-byte 8- bit encoding schemes can define up to 25 6 (= 28 ) characters 22 -6 Oracle8 : Database Administration Choosing a Database and a National Character Set Examples of Single-Byte Schemes 7-bit character set: ASCII 7-bit American (US7ASCII) 8- bit character set: • ISO 88 59- 1 West European (WE8ISO 885 9P1) • EBCDIC Code Page 500 8- bit... generated and stored in the audit trail Oracle8 : Database Administration 21 -21 Lesson 21 : Auditing Summary Summary • Differentiating between database auditing and value-based auditing • Maintaining the audit trail 21 -14 Copyright © Oracle Corporation, 19 98 All rights reserved 21 -22 Oracle8 : Database Administration Summary Quick Reference... varying-width format UCS2 and UTF8 encode the same character repertoire: Unicode 1.1 or Unicode 2. 0 Oracle7 uses Unicode 1.1 encoded as UTF8 (Character set: AL24UTFFSS); Oracle8 additionally provides Unicode 2. 0 encoded as UTF8 (Character set: UTF8) The advantage of UTF8 is that it includes ASCII using the same single-byte encoding 22 -8 Oracle8 : Database Administration ... publishing In total, Unicode version 2. 0 can represent 38, 885 characters Oracle8 : Database Administration 22 -7 Lesson 22 : Using National Language Support The Unicode character repertoire can be represented in a number of different encoding formats UCS2 (Universal Character Set; 2- byte form) is a two-byte, fixed-width format, UTF8 (Universal Character Set Transformation... Oracle8 : Database Administration 22 -5 Lesson 22 : Using National Language Support Choosing a Database and a National Character Set Different Types of Encoding Schemes Oracle supports different classes of character encoding schemes: - Single-byte character sets - 7-bit - 8- bit - Varying-width multibyte character set - Fixed-width multibyte character set - Unicode (UTF8, AL24UTFFSS)... Oracle8 : Database Administration 21 -13 Lesson 21 : Auditing Auditing Schema Objects Object Table Option ALTER AUDIT COMMENT DELETE EXECUTE GRANT INDEX INSERT LOCK READ RENAME SELECT UPDATE 21 -8 View X X X X X X X X X X X X X X X X X X Sequence X X X Stored Program X X X X X X X Snapshot X X X X X X X X X X X Copyright © Oracle Corporation, 19 98 All rights reserved... options Oracle8 : Database Administration 21 -15 Lesson 21 : Auditing Viewing Auditing Options Data Dictionary View ALL_DEF_AUDIT_OPTS Default audit options DBA_STMT_AUDIT_OPTS Statement auditing options DBA_PRIV_AUDIT_OPTS Privilege auditing options DBA_OBJ_AUDIT_OPTS 21 -9 Description Schema object auditing options Copyright © Oracle Corporation, 19 98 All rights reserved... for a database • Specifying the language-dependent behavior using initialization parameters, environment variables and the ALTER SESSION command • Using the different types of NLS parameters • Explaining the influence on languagedependent application behavior • Obtaining information about NLS usage 22 -2 Copyright © Oracle Corporation, 19 98 All rights reserved Oracle8 : Database Administration. .. Administration 22 -3 Lesson 22 : Using National Language Support Overview NLS Features • Language support • Territory support • Character set support • Linguistic sorting • Message support • Date and time formats • Numeric formats • Monetary formats Database 22 -3 Copyright © Oracle Corporation, 19 98 All rights reserved The National Language Support (NLS) ensures that database utilities . functions DBMS_SESSION.SET_ROLE 20 -30 Oracle8 : Database Administration . Lesson 20 : Managing Roles 21 Auditing 21 -2 Oracle8 : Database Administration . Lesson 21 : Auditing Instructor Note Topic. minutes Oracle8 : Database Administration 21 -3 . Objectives Objectives 21 -2 Copyright  Oracle Corporation, 19 98. All rights reserved. Session Objectives • Differentiating between database auditing. to investigate suspicious activity and to monitor database activity. Oracle8 : Database Administration 21 -9 . Using Database Auditing The database administrator sets the AUDIT_TRAIL initialization