I'm trying to set up auditing for granting and revoking privileges on objects. I thought this could be done with the command:
audit grant on default; When I issued this command on a development database it seemed to have no effect (i.e., granting and revoking privileges did not create an entry in dba_audit_trail). After the database was shut down and restarted I then got an entry in dba_audit trail for grants but not for revokes. I issued the following commands: SQL> create table testjay (t1 number(1)); Table created. SQL> grant select on testjay to wsidba; Grant succeeded. SQL> revoke select on testjay from wsidba; Revoke succeeded. This resulted in the following entries: oracle WSI pts/6 23-OCT-02 WSI TESTJAY 1 CREATE TABLE oracle WSI pts/6 23-OCT-02 WSI TESTJAY 103 SESSION REC I'm not clear on 1) What the action SESSION REC means 2) Why there was no entry for the revoke 3) Why the entry for the grant had no data in the columns OBJ_PRIVILEGE or GRANTEE Is there anything else I should be doing to audit these actions? I tried posting this on the Oracle Forum and all the support person told me was that I probably hadn't restarted the database since changing the init.ora parameter (untrue). Thanks, Jay Miller -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Miller, Jay INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
