I created a user named pri and granted it the select any table privilege and the connect role. I then logged in as SYS and ran the command audit select any table, which reported that the audit succeeded.
Next I logged in as pri and queried the tables under scott:
SQL> show user
USER is "PRI"
SQL> select * from scott.dept;
SQL> select * from scott.emp;
SQL> select * from scott.bonus;
Then I ran the following queries as SYS:
SQL> conn / as sysdba
Connected.
SQL> select count(*) from dba_audit_trail where username='PRI';
  COUNT(*)
----------
         3
SQL> noaudit select any table;
Noaudit succeeded.
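In theory nothing more should be recorded after NOAUDIT, but when I went on querying the tables under scott as pri, I found that the audit records still seemed to be increasing.
SQL> select count(*) from dba_audit_trail where username='PRI';
  COUNT(*)
----------
         4
SQL> select count(*) from dba_audit_trail where username='PRI';
  COUNT(*)
----------
         5
Why is that? When I ran UNAUDIT it already reported "Noaudit succeeded."
I ran shutdown immediate and then startup, and it still doesn't work.
Do I really have to set the AUDIT_TRAIL parameter to NONE?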
2 ;
Audit succeeded.
SQL> grant create user to scott;
Grant succeeded.
I logged in as SCOTT and created four users in a row: t1, t2, t3 and t4.
SQL> create user t1 identified by t1;
User created.
SQL> create user t2 identified by t2;
User created.
SQL> create user t3 identified by t3;
User created.
SQL> create user t4 identified by t4;
User created.
Meanwhile, the SYS user kept querying DBA_AUDIT_TRAIL, with the following results:
SQL> select username,obj_name,priv_used from dba_audit_trail
2 where priv_used='CREATE USER';
USERNAME                       OBJ_NAME             PRIV_USED
------------------------------ -------------------- --------------------
SCOTT                          T1                   CREATE USER
SQL> /
USERNAME                       OBJ_NAME             PRIV_USED
------------------------------ -------------------- --------------------
SCOTT                          T1                   CREATE USER
SCOTT                          T2                   CREATE USER
SQL> /
USERNAME                       OBJ_NAME             PRIV_USED
------------------------------ -------------------- --------------------
SCOTT                          T1                   CREATE USER
SCOTT                          T2                   CREATE USER
SCOTT                          T3                   CREATE USER
SCOTT                          T4                   CREATE USER
SQL>
From this it appears that every operation that uses the CREATE USER privilege gets recorded. But my SELECT ANY TABLE experiment does not seem to give the same result. See the example below.
I'll just paste the operations and the final query result.
The number of queries I ran against the dept and bonus tables both exceeded the number of records in DBA_AUDIT_TRAIL. Why is that?
And one record even has a null priv_used field??
-- Run the following queries as user pri
SQL> select * from scott.bonus;
SQL> select * from scott.bonus;
SQL> select * from scott.emp;
SQL> select * from scott.emp; -- queried emp twice; two records shown
SQL> select * from scott.bonus;
SQL> select * from scott.dept;
SQL> select * from scott.dept;
SQL> select * from scott.dept;
SQL> select * from scott.dept;
SQL> select * from scott.dept; -- queried dept five times, but only 4 records shown
SQL> select * from scott.bonus; -- queried bonus four times, but only 3 records shown
-- The query against DBA_AUDIT_TRAIL returns the following
SQL> select username,obj_name,priv_used from dba_audit_trail;
USERNAME                       OBJ_NAME             PRIV_USED
------------------------------ -------------------- --------------------
PRI                            BONUS                SELECT ANY TABLE
PRI                            BONUS                SELECT ANY TABLE
PRI                            EMP                  SELECT ANY TABLE
PRI                            EMP                  SELECT ANY TABLE
PRI                            BONUS                SELECT ANY TABLE
PRI                            DEPT                 SELECT ANY TABLE
PRI                            DEPT                 -- why is this one empty?
PRI                            DEPT                 SELECT ANY TABLE
PRI                            DEPT                 SELECT ANY TABLE
9 rows selected.
SQL> select count(*) from aud$;
  COUNT(*)
----------
         9
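My AUDIT_TRAIL was originally NONE; I only changed it to DB for this experiment, and audit_sys_operations is also FALSE. Even if there were other AUDIT settings, DBA_AUDIT_TRAIL should then have more records than my operations.
The problem now is that it has fewer.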