Oracle Cloud Infrastructure Documentation

Basic Auditing Policies

You can enable the following basic auditing policies:

  • Critical Database Activity
  • Login Events
  • Database Schema Changes

The Critical Database Activity policy allows you to audit critical database activity, for example, when a user, role, or profile is created, modified, or dropped.

The following audit policy gets provisioned on the cloud database target:

CREATE AUDIT POLICY ORA_ADS$_CRITICAL_DB_ACTIVITY
PRIVILEGES EXEMPT ACCESS POLICY, EXEMPT REDACTION POLICY,
        ADMINISTER KEY MANAGEMENT, EXPORT FULL DATABASE, IMPORT FULL DATABASE,
        CREATE PUBLIC DATABASE LINK, ALTER PUBLIC DATABASE LINK, DROP PUBLIC DATABASE LINK,
        CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM,
        SELECT ANY DICTIONARY, ADMINISTER DATABASE TRIGGER,
        PURGE DBA_RECYCLEBIN, LOGMINING
ACTIONS CREATE USER, ALTER USER, DROP USER,
        CREATE ROLE, DROP ROLE, ALTER ROLE, SET ROLE, GRANT, REVOKE,
        CREATE PROFILE, ALTER PROFILE, DROP PROFILE,
        CREATE PLUGGABLE DATABASE, DROP PLUGGABLE DATABASE, ALTER PLUGGABLE DATABASE,
        CREATE LOCKDOWN PROFILE, ALTER LOCKDOWN PROFILE, DROP LOCKDOWN PROFILE,
        ALTER DATABASE, ALTER SYSTEM,
        CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE,
        CREATE ROLLBACK SEGMENT, ALTER ROLLBACK SEGMENT, DROP ROLLBACK SEGMENT,
        CREATE DIRECTORY, DROP DIRECTORY,
        CREATE DISK GROUP, ALTER DISK GROUP, DROP DISK GROUP,
        CREATE PFILE, CREATE SPFILE
ACTIONS COMPONENT = DATAPUMP EXPORT, IMPORT
ACTIONS COMPONENT = DIRECT_LOAD LOAD;

AUDIT POLICY ORA_ADS$_CRITICAL_DB_ACTIVITY;
-- enabled for all users

The Login Events policy tracks all login and logoff activities by users. You can specify Oracle-maintained users and non-Oracle-maintained users to be excluded.

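The following audit policies get provisioned on the cloud database target. The user exclusion list applies only to ORA_ADS$_LOGON_EVENTS; ORA_ADS$_LOGON_FAILURES is enabled without exceptions, so failed logons are recorded for every user: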

CREATE AUDIT POLICY ORA_ADS$_LOGON_EVENTS ACTIONS LOGON, LOGOFF;
CREATE AUDIT POLICY ORA_ADS$_LOGON_FAILURES ACTIONS LOGON;
AUDIT POLICY ORA_ADS$_LOGON_EVENTS EXCEPT <comma separated user list>;
AUDIT POLICY ORA_ADS$_LOGON_FAILURES WHENEVER NOT SUCCESSFUL;

The Database Schema Changes policy tracks all Data Definition Language (DDL) commands issued by any database user, for example, when a table, database link, function, or trigger is created, modified, or dropped.

The following audit policy gets provisioned on the cloud database target:

CREATE AUDIT POLICY ORA_ADS$_DB_SCHEMA_CHANGES
PRIVILEGES
        CREATE EXTERNAL JOB, CREATE JOB, CREATE ANY JOB
ACTIONS CREATE PROCEDURE, DROP PROCEDURE, ALTER PROCEDURE,
        CREATE PACKAGE, ALTER PACKAGE, DROP PACKAGE, CREATE PACKAGE BODY, ALTER PACKAGE BODY, DROP PACKAGE BODY,
        CREATE FUNCTION, DROP FUNCTION, ALTER FUNCTION,
        CREATE TRIGGER, ALTER TRIGGER, DROP TRIGGER,
        CREATE LIBRARY, ALTER LIBRARY, DROP LIBRARY,
        CREATE SYNONYM, DROP SYNONYM,
        CREATE TABLE, ALTER TABLE, DROP TABLE, TRUNCATE TABLE,
        CREATE DATABASE LINK, ALTER DATABASE LINK, DROP DATABASE LINK,
        CREATE INDEX, ALTER INDEX, DROP INDEX,
        CREATE OUTLINE, ALTER OUTLINE, DROP OUTLINE,
        CREATE CONTEXT, DROP CONTEXT,
        CREATE ATTRIBUTE DIMENSION, ALTER ATTRIBUTE DIMENSION, DROP ATTRIBUTE DIMENSION,
        CREATE DIMENSION, ALTER DIMENSION, DROP DIMENSION,
        CREATE INDEXTYPE, ALTER INDEXTYPE, DROP INDEXTYPE,
        CREATE OPERATOR, ALTER OPERATOR, DROP OPERATOR,
        CREATE JAVA, ALTER JAVA, DROP JAVA,
        CREATE MINING MODEL, ALTER MINING MODEL, DROP MINING MODEL,
        CREATE TYPE BODY, ALTER TYPE BODY, DROP TYPE BODY,
        CREATE TYPE, ALTER TYPE, DROP TYPE,
        CREATE MATERIALIZED VIEW, ALTER MATERIALIZED VIEW, DROP MATERIALIZED VIEW,
        CREATE MATERIALIZED VIEW LOG, ALTER MATERIALIZED VIEW LOG, DROP MATERIALIZED VIEW LOG,
        CREATE MATERIALIZED ZONEMAP, ALTER MATERIALIZED ZONEMAP, DROP MATERIALIZED ZONEMAP,
        CREATE VIEW, ALTER VIEW, DROP VIEW,
        CREATE ANALYTIC VIEW, ALTER ANALYTIC VIEW, DROP ANALYTIC VIEW,
        CREATE SEQUENCE, ALTER SEQUENCE, DROP SEQUENCE,
        CREATE CLUSTER, ALTER CLUSTER, DROP CLUSTER, TRUNCATE CLUSTER;

AUDIT POLICY ORA_ADS$_DB_SCHEMA_CHANGES;
-- enabled for all users
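
The following queries are an added example, not part of the Oracle documentation. They check on the target database that the policies above are enabled as described, then summarize what ORA_ADS$_LOGON_FAILURES has recorded. Assumptions: Oracle Database 12.2 or later (for the ENABLED_OPTION and ENTITY_NAME columns), an account that can read the unified audit views, and an arbitrary 24-hour window and threshold of five failures.

```sql
-- 1. Confirm that each basic auditing policy exists and how it is enabled.
--    A row with a NULL enabled_option means the policy was created but
--    never enabled with AUDIT POLICY.
SELECT p.policy_name,
       e.enabled_option,   -- BY USER or EXCEPT USER
       e.entity_name,      -- ALL USERS, or the user named in the clause
       e.success,          -- YES if successful executions are audited
       e.failure           -- YES if failed executions are audited
FROM   (SELECT DISTINCT policy_name
        FROM   audit_unified_policies
        WHERE  policy_name IN ('ORA_ADS$_CRITICAL_DB_ACTIVITY',
                               'ORA_ADS$_LOGON_EVENTS',
                               'ORA_ADS$_LOGON_FAILURES',
                               'ORA_ADS$_DB_SCHEMA_CHANGES')) p
LEFT JOIN audit_unified_enabled_policies e
       ON e.policy_name = p.policy_name
ORDER  BY p.policy_name, e.entity_name;

-- Expected shape, following the statements on this page:
--   ORA_ADS$_LOGON_FAILURES  -> failure = YES, success = NO (WHENEVER NOT SUCCESSFUL)
--   ORA_ADS$_LOGON_EVENTS    -> one EXCEPT USER row per excluded user
--   the other two policies   -> a single row for ALL USERS

-- 2. Failed logons captured by ORA_ADS$_LOGON_FAILURES in the last 24 hours,
--    grouped by account and client host. The threshold of 5 is an assumption;
--    tune it to the environment.
SELECT dbusername,
       userhost,
       return_code,                        -- ORA- error number, e.g. 1017 or 28000
       COUNT(*)             AS failures,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM   unified_audit_trail
WHERE  action_name = 'LOGON'
AND    return_code <> 0
AND    INSTR(unified_audit_policies, 'ORA_ADS$_LOGON_FAILURES') > 0
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY dbusername, userhost, return_code
HAVING COUNT(*) >= 5
ORDER  BY failures DESC;
```

Because ORA_ADS$_LOGON_FAILURES has no exception list, the second query also returns failures for accounts excluded from ORA_ADS$_LOGON_EVENTS.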