Oracle Cloud Infrastructure Documentation

User Activity Auditing Policy

The User Activity Auditing policy tracks all activity by users who may have access to sensitive data or who are under observation. These users could be “non-admin but privileged” users. When enabling this policy in the interface, you must specify non-Oracle maintained users to audit.

The following audit policy is provisioned on the cloud database target:

CREATE AUDIT POLICY ORA_ADS$_USER_ACTIVITY ACTIONS ALL
WHEN 'SYS_CONTEXT(''USERENV'', ''CURRENT_USER'') NOT IN (''DIP'',''WMSYS'',''XDB'',''ORDDATA'',''OLAPSYS'',''MDSYS'',''ORDPLUGINS'',''GSMADMIN_INTERNAL'',''SI_INFORMTN_SCHEMA'',''ANONYMOUS'',''GGSYS'',''DBSFWUSER'',''APPQOSSYS'',''DBSNMP'',''GSMUSER'',''SYSDG'',''SYS$UMF'',''ORACLE_OCM'',''OUTLN'',''SYSKM'',''SYS'',''SYSTEM'',''XS$NULL'',''GSMCATUSER'',''MDDATA'',''SYSBACKUP'',''REMOTE_SCHEDULER_AGENT'',''SYSRAC'',''CTXSYS'',''DVF'',''OJVMSYS'',''DVSYS'',''AUDSYS'',''ORDSYS'',''LBACSYS'')' EVALUATE PER STATEMENT;

AUDIT POLICY ORA_ADS$_USER_ACTIVITY BY <comma-separated non-Oracle maintained user list>;
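
To confirm on the target database that the policy above was provisioned and is enabled only for the intended users, the unified auditing dictionary views can be queried. This is an added example, not part of the Oracle documentation page; it assumes a unified-auditing database and an account that holds the AUDIT_VIEWER role and can read DBA_USERS.

```sql
-- 1. Policy definition: expect ACTIONS ALL with the WHEN condition shown above.
SELECT DISTINCT policy_name,
       audit_option,
       audit_option_type,
       condition_eval_opt,
       audit_condition
FROM   audit_unified_policies
WHERE  policy_name = 'ORA_ADS$_USER_ACTIVITY';

-- 2. Enablement: one row per user named in the BY clause.
SELECT policy_name,
       enabled_option,
       entity_name,
       entity_type,
       success,
       failure
FROM   audit_unified_enabled_policies
WHERE  policy_name = 'ORA_ADS$_USER_ACTIVITY'
ORDER  BY entity_name;

-- 3. Sanity check: the policy is meant for non-Oracle maintained users only,
--    so this query should return no rows.
SELECT e.entity_name
FROM   audit_unified_enabled_policies e
JOIN   dba_users u
       ON u.username = e.entity_name
WHERE  e.policy_name = 'ORA_ADS$_USER_ACTIVITY'
AND    u.oracle_maintained = 'Y';

-- 4. Records produced by the policy in the last 24 hours, newest first.
--    INSTR is used instead of LIKE because '_' is a LIKE wildcard.
SELECT event_timestamp,
       dbusername,
       action_name,
       object_schema,
       object_name,
       return_code
FROM   unified_audit_trail
WHERE  INSTR(unified_audit_policies, 'ORA_ADS$_USER_ACTIVITY') > 0
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
ORDER  BY event_timestamp DESC
FETCH  FIRST 50 ROWS ONLY;
```

An audited user who is active but has no rows in the last query is worth investigating, since the policy audits all actions by the users it is enabled for.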