Roh Oracle 10gr2 Fga
Auditing
- Monitoring and recording of selected user database actions
  - SQL statements, user name, application, time, etc.
- Records when specified elements in an Oracle database are accessed or altered, including the contents within a specified object
Auditing
Purpose
- Enable future accountability for current actions taken in a particular schema, table, or row, or affecting specific content
- Deter users (or others) from inappropriate actions based on that accountability
- Investigate suspicious activity, e.g. deletion of rows from tables
Auditing
Purpose
- Notify an auditor that an unauthorized user is manipulating or deleting data, and that the user has more privileges than expected, which can lead to reassessing user authorizations
- Monitor and gather data about specific database activities, e.g. updates, number of concurrent users at peak times
- Implementation: create audit policies to track them
Audit Records
Audit records can be generated for:
- Successful statement execution, unsuccessful statement execution, or both
- Statement execution once in each user session, or once every time the statement is executed
- Activities of all users, or of a specified user
Audit record storage
- Contains the audited operation, the user performing the operation, and the time and date of the operation
- Data dictionary table: database audit trail
- Operating system files: operating system audit trail
Audit Types
Types of Audits
- Statement Auditing, e.g. AUDIT TABLE: audits SQL statements by type of statement; broad; audit on a selected user or every user
- Privilege Auditing, e.g. AUDIT CREATE TABLE: statement auditing restricted to a particular type of action; audit on a selected user or every user
- Schema Object Auditing, e.g. AUDIT SELECT ON employees: audits specific statements on particular schema objects; focused: a specified type of statement on a specified schema object; always applies to all users of the database
- Fine-Grained Auditing: audits at the most granular level; data access and actions based on content, using any Boolean measure; audits access to or change in a column
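The three standard audit types above, combined with the record-granularity options from the Audit Records slide, as an added example that is not part of the original slides. It assumes the standard HR sample schema, a user SCOTT, a database whose AUDIT_TRAIL initialization parameter is DB or DB,EXTENDED, and a session holding the AUDIT SYSTEM privilege.

```sql
-- Added example (not from the slides): statement, privilege and schema
-- object auditing with BY SESSION / BY ACCESS and WHENEVER [NOT] SUCCESSFUL.
-- Assumes the HR sample schema, a user SCOTT and AUDIT_TRAIL = DB or DB,EXTENDED.

-- Statement auditing: every CREATE/DROP/TRUNCATE TABLE issued by SCOTT,
-- one record per statement execution, whether it succeeds or fails.
AUDIT TABLE BY scott BY ACCESS;

-- Privilege auditing: use of the CREATE TABLE system privilege by any
-- user, recorded only when the attempt fails (e.g. missing privilege).
AUDIT CREATE TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;

-- Schema object auditing: SELECT on one table, applies to all users,
-- one record per session no matter how many SELECTs the session runs.
AUDIT SELECT ON hr.employees BY SESSION;

-- Check what is currently being audited (views listed on the
-- dictionary-views slide).
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY user_name, audit_option;

SELECT owner, object_name, object_type, sel, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'HR' AND object_name = 'EMPLOYEES';

-- Review the resulting standard audit trail entries (RETURNCODE <> 0
-- marks the unsuccessful attempts).
SELECT username, os_username, terminal, timestamp, action_name,
       owner, obj_name, returncode
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;

-- Switch the statement audit off again when it is no longer needed.
NOAUDIT TABLE BY scott;
```

BY ACCESS is the setting to use when the sequence of individual statements matters (incident reconstruction); BY SESSION keeps the trail small at the cost of losing that sequence.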
FGA vs Triggers
Triggers
- PL/SQL call for every row processed
- Create a record only when relevant information is changed by a DML statement
FGA
- No additional cost per row processed; audits only once for every policy
- Audits when the specified relevant columns are accessed
- Specific type of DML statement; changed by statement or selection; combination of criteria in the statement
- Supports tables and views
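The trigger-based alternative that the comparison above describes, as an added example that is not part of the original slides, so the per-row cost is visible next to the one-record-per-statement behaviour of FGA. It assumes the HR sample schema; the table HR.SALARY_AUDIT and the trigger HR.TRG_SALARY_AUDIT are hypothetical names created here.

```sql
-- Added example (not from the slides): auditing SALARY changes with a
-- row-level trigger instead of an FGA policy.  Assumes the HR sample
-- schema; SALARY_AUDIT and TRG_SALARY_AUDIT are names chosen here.
CREATE TABLE hr.salary_audit (
  audited_at   TIMESTAMP     DEFAULT SYSTIMESTAMP,
  db_user      VARCHAR2(30)  DEFAULT USER,
  employee_id  NUMBER(6),
  old_salary   NUMBER(8,2),
  new_salary   NUMBER(8,2)
);

-- Row-level trigger: the PL/SQL body runs once for every row the UPDATE
-- touches, so a 35-row UPDATE costs 35 trigger executions.  The WHEN
-- clause writes a record only when the relevant column really changed.
CREATE OR REPLACE TRIGGER hr.trg_salary_audit
  AFTER UPDATE OF salary ON hr.employees
  FOR EACH ROW
  WHEN (NEW.salary <> OLD.salary)
BEGIN
  INSERT INTO hr.salary_audit (employee_id, old_salary, new_salary)
  VALUES (:OLD.employee_id, :OLD.salary, :NEW.salary);
END;
/

-- The same UPDATE the slides use later; one audit row is written.
-- A trigger never sees SELECTs, and a separate trigger is needed per
-- table, whereas one FGA policy names its statement types and columns.
UPDATE hr.employees SET salary = salary + 4000 WHERE employee_id = 197;

SELECT audited_at, db_user, employee_id, old_salary, new_salary
  FROM hr.salary_audit
 ORDER BY audited_at;
```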
Fine-Grained Auditing
- Implement security policies and associate them with the data, independent of the data access method (e.g. through an application or by ad hoc queries)
- Application context combined with fine-grained access control is called Virtual Private Database (VPD)
Fine-Grained Auditing
Advantages
- Simple user-defined SQL predicates on objects as referenced
- Restrict access using a combination of row-level and column-level controls, by applying a VPD policy to a view
- Use static policies, and others that can change during execution, called dynamic policies
- Use more than one policy for each table, including building on top of base policies in packaged applications
- Distinguish policies between different applications by using policy groups. Each policy group is a set of policies that belong to an application
- security policies
- Designate an application context, called a driving context, to indicate the policy group in effect. When tables, views, or synonyms are accessed, the fine-grained access control engine looks up the driving context to determine the policy group in effect and enforces all the associated policies that belong to that policy group
Fine-Grained Auditing
PL/SQL packages
- Administer security policies/policy groups: add, drop, enable, refresh
- DBMS_RLS for VPD (fine-grained access control)
- DBMS_FGA for Fine-Grained Auditing
Fine-Grained Auditing
- Minimize false or unhelpful audits with precise specifications
- Audit INSERT, UPDATE, MERGE, SELECT, DELETE
- DBMS_FGA.DISABLE_POLICY
Fine-Grained Auditing
Policies
- Monitor data accessed based on content
- Specify columns and conditions, e.g. specific types of DML statements in connection with the columns specified
- Specify the name of a routine performed when an audit event occurs:
  - Notify
  - Alert administrator
  - Handle errors and anomalies
Fine-Grained Auditing
Policies
Example: limiting logical access to specifications, test results for a product under development, salary
DBMS_FGA.ADD_POLICY parameters:
  object_schema      The schema that contains the object to be audited.
  object_name        The name of the object to be audited.
  policy_name        The unique name of the policy.
  audit_condition    A condition in a row that indicates a monitoring condition. NULL is allowed and acts as TRUE.
  audit_column       The columns to be checked for access. These can include hidden columns. The default, NULL, causes an audit if any column is accessed or affected.
  handler_schema     The schema that contains the event handler. The default, NULL, causes the current schema to be used.
  handler_module     The function name of the event handler, including the package name if necessary. This function is called only after the first row that matches the audit condition in the query is processed. If the procedure fails with an exception, then the user SQL statement fails as well.
  enable             Whether the policy is to be enabled: TRUE means enable it.
  statement_types    The SQL statement types to which this policy is applicable: INSERT, UPDATE, DELETE, or SELECT only.
  audit_trail        Both where to write the fine-grained audit trail and whether or not to populate LSQLTEXT and LSQLBIND.
  audit_column_opts  Whether a statement is audited when the query references any column specified in the audit_column parameter, or only when all such columns are referenced.
Fine-Grained Auditing
Event handler
- Flexible event handler (handler_module)
- Notify administrator when the triggering event occurs
- Handler signature:
    PROCEDURE <procedure name> (
      object_schema VARCHAR2,
      object_name   VARCHAR2,
      policy_name   VARCHAR2) AS ...
Fine-Grained Auditing
DBMS_FGA.ADD_POLICY Syntax
  DBMS_FGA.ADD_POLICY(
    object_schema      VARCHAR2,
    object_name        VARCHAR2,
    policy_name        VARCHAR2,
    audit_condition    VARCHAR2,
    audit_column       VARCHAR2,
    handler_schema     VARCHAR2,
    handler_module     VARCHAR2,
    enable             BOOLEAN,
    statement_types    VARCHAR2,
    audit_trail        BINARY_INTEGER IN DEFAULT,
    audit_column_opts  BINARY_INTEGER IN DEFAULT);
Fine-Grained Auditing
DBMS_FGA.ADD_POLICY Example
  begin
    DBMS_FGA.ADD_POLICY(
      object_schema     => 'scott',
      object_name       => 'emp',
      policy_name       => 'mypolicy1',
      audit_condition   => 'sal < 100',  -- audit when sal < 100
      audit_column      => 'comm, sal',
      handler_schema    => NULL,
      handler_module    => NULL,
      enable            => TRUE,
      statement_types   => 'INSERT, UPDATE',
      audit_trail       => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
      audit_column_opts => DBMS_FGA.ANY_COLUMNS);
  end;
  /
Fine-Grained Auditing
DBMS_FGA.ADD_POLICY Example
  begin
    DBMS_FGA.ADD_POLICY(
      object_schema     => 'HR',
      object_name       => 'EMPLOYEES',
      policy_name       => 'POLICY_EMP_SAL_COMM',
      audit_condition   => 'NULL',                    -- record all
      audit_column      => 'SALARY, COMMISSION_PCT',
      statement_types   => 'SELECT, UPDATE',
      -- audit only when all audit_column columns are referenced by the statement
      audit_column_opts => DBMS_FGA.ALL_COLUMNS);
  end;
  /
  PL/SQL procedure successfully completed.
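A complete policy with the event handler whose signature the Event handler slide shows, wired in through handler_schema and handler_module, as an added example that is not part of the original slides. It assumes the HR sample schema and a schema SEC owned by the person running it with EXECUTE on DBMS_FGA; the table SEC.FGA_ALERTS, the procedure SEC.FGA_HANDLER and the policy name POLICY_EMP_SAL_ALERT are hypothetical names created here.

```sql
-- Added example (not from the slides): FGA policy plus notification
-- handler.  Assumes the HR sample schema and a schema SEC; FGA_ALERTS,
-- FGA_HANDLER and POLICY_EMP_SAL_ALERT are names chosen here.

-- Where the handler records its alerts.
CREATE TABLE sec.fga_alerts (
  alerted_at    TIMESTAMP     DEFAULT SYSTIMESTAMP,
  db_user       VARCHAR2(30)  DEFAULT USER,
  os_user       VARCHAR2(255),
  object_schema VARCHAR2(30),
  object_name   VARCHAR2(128),
  policy_name   VARCHAR2(30)
);

-- Handler: must match the (object_schema, object_name, policy_name)
-- signature from the slides.  It runs as an autonomous transaction so
-- the alert survives a rollback of the audited statement, and it
-- swallows its own errors because an exception here would make the
-- user's statement fail (see the handler_module parameter description).
CREATE OR REPLACE PROCEDURE sec.fga_handler (
  object_schema VARCHAR2,
  object_name   VARCHAR2,
  policy_name   VARCHAR2) AS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO sec.fga_alerts (os_user, object_schema, object_name, policy_name)
  VALUES (SYS_CONTEXT('USERENV', 'OS_USER'), object_schema, object_name, policy_name);
  COMMIT;
EXCEPTION
  WHEN OTHERS THEN ROLLBACK;   -- never let the audit break the audited statement
END;
/

-- Policy: audit SELECT or UPDATE that references SALARY or COMMISSION_PCT
-- (ANY_COLUMNS) for rows with a high salary.  audit_condition is a SQL
-- predicate string; to record every row pass a real NULL, not the
-- string 'NULL'.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'POLICY_EMP_SAL_ALERT',
    audit_condition   => 'SALARY > 10000',
    audit_column      => 'SALARY, COMMISSION_PCT',
    handler_schema    => 'SEC',
    handler_module    => 'FGA_HANDLER',
    enable            => TRUE,
    statement_types   => 'SELECT, UPDATE',
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    audit_column_opts => DBMS_FGA.ANY_COLUMNS);
END;
/

-- Trigger it (as HR): the query references SALARY and rows with
-- SALARY > 10000 exist, so one audit record and one alert are produced
-- for the statement, however many rows it returns.
SELECT employee_id, salary FROM hr.employees WHERE department_id = 90;

-- Verify: one row per audited statement in the trail and in the alerts.
SELECT timestamp, db_user, os_user, policy_name, statement_type, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'POLICY_EMP_SAL_ALERT'
 ORDER BY timestamp;

SELECT * FROM sec.fga_alerts ORDER BY alerted_at;
```

The handler is called once per audited statement, after the first matching row, which is the "audit only once for every policy" property from the FGA vs Triggers slide; DBMS_FGA.DB + DBMS_FGA.EXTENDED is what makes SQL_TEXT and SQL_BIND appear in the trail.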
Fine-Grained Auditing
Example executions as HR, before the policy is enabled:
  UPDATE hr.employees SET SALARY = SALARY + 4000 WHERE employee_id = 197;
  1 row updated.

  UPDATE hr.employees SET SALARY = SALARY + 4000, COMMISSION_PCT = COMMISSION_PCT + 0.5 WHERE COMMISSION_PCT > 0;
  35 rows updated.
Fine-Grained Auditing
DBMS_FGA.ENABLE_POLICY Syntax and Example
  DBMS_FGA.ENABLE_POLICY(
    object_schema VARCHAR2,
    object_name   VARCHAR2,
    policy_name   VARCHAR2,
    enable        BOOLEAN);

  BEGIN
    DBMS_FGA.ENABLE_POLICY(
      object_schema => 'HR',
      object_name   => 'EMPLOYEES',
      policy_name   => 'POLICY3_EMP_SAL_COMM',
      enable        => TRUE);
  END;
  /
  PL/SQL procedure successfully completed.
Fine-Grained Auditing
DBMS_FGA.DISABLE_POLICY Syntax
  DBMS_FGA.DISABLE_POLICY(
    object_schema VARCHAR2,
    object_name   VARCHAR2,
    policy_name   VARCHAR2);
Fine-Grained Auditing
Example executions when enabled:
  UPDATE hr.employees SET SALARY = SALARY + 4000 WHERE employee_id = 197;
  1 row updated.
  -- NOT audited: only an UPDATE of SALARY (no COMMISSION_PCT)

  UPDATE hr.employees SET SALARY = SALARY + 4000, COMMISSION_PCT = COMMISSION_PCT + 0.5 WHERE COMMISSION_PCT > 0;
  35 rows updated.
  UPDATE hr.employees
  *
  ERROR at line 1:
  ORA-28138: Error in Policy Predicate
  -- audited: UPDATE/SELECT referencing both SALARY and COMMISSION_PCT
Fine-Grained Auditing
Example executions when enabled:
  SELECT employee_id, salary FROM hr.employees;
  107 rows selected.
  -- NOT audited: both SALARY and COMMISSION_PCT are required

  DELETE hr.employees WHERE employee_id = 110;
  1 row deleted.
  -- NOT audited: DELETE is not among the statement types specified

  SELECT * FROM hr.employees;
  106 rows selected.
  SELECT * FROM hr.employees
  *
  ERROR at line 1:
  ORA-28112: failed to execute policy function
Fine-Grained Auditing
Audit trails:
  SELECT * FROM SYS.FGA_LOG$;
  SELECT * FROM DBA_FGA_AUDIT_TRAIL;   -- query (or DELETE to purge) the FGA trail
Sample record:
  847  20-APR-10  HR  WORKGROUP\MET-VS  HR  POLICY_EMP_SAL_COMM  UPDATE hr.employees SET SALARY = SALARY+ 4000 WHERE employee_id =197  UPDATE  20-APR-10 03.39.32.544000 PM -04:00
Selected DBA_FGA_AUDIT_TRAIL columns:
  OBJECT_SCHEMA    VARCHAR2(30)
  OBJECT_NAME      VARCHAR2(128)
  POLICY_NAME      VARCHAR2(30)
  PROXY_SESSIONID  NUMBER
  SESSION_ID       NUMBER
  SQL_BIND         VARCHAR2(4000)
  SQL_TEXT         VARCHAR2(4000)
  STATEMENT_TYPE   VARCHAR2(28)
  STATEMENTID      NUMBER
  TERMINAL         VARCHAR2(255)
  TRANSACTIONID    RAW(8)
Audit dictionary views
  DBA_PRIV_AUDIT_OPTS                         Describes current system privileges being audited across the system and by user.
  DBA_OBJ_AUDIT_OPTS / USER_OBJ_AUDIT_OPTS    Describes auditing options on all objects. The USER view describes auditing options on all objects owned by the current user.
  DBA_AUDIT_TRAIL / USER_AUDIT_TRAIL          Lists all audit trail entries. The USER view shows audit trail entries relating to the current user.
  DBA_AUDIT_OBJECT / USER_AUDIT_OBJECT        Contains audit trail records for all objects in the system. The USER view lists audit trail records for statements concerning objects that are accessible to the current user.
  DBA_AUDIT_SESSION / USER_AUDIT_SESSION      Lists all audit trail records concerning CONNECT and DISCONNECT. The USER view lists all audit trail records concerning connections and disconnections for the current user.
  DBA_AUDIT_STATEMENT / USER_AUDIT_STATEMENT  Lists audit trail records concerning GRANT, REVOKE, AUDIT, NOAUDIT, and ALTER SYSTEM statements throughout the database, or, for the USER view, issued by the user.
Other audit-related views: AUDIT_ACTIONS, ALL_DEF_AUDIT_OPTS, DBA_STMT_AUDIT_OPTS, DBA_AUDIT_EXISTS, DBA_AUDIT_POLICIES, DBA_FGA_AUDIT_TRAIL, DBA_COMMON_AUDIT_TRAIL
Audit Trails
Combining regular auditing (AUDIT command) and fine-grained auditing in one dictionary view:
- DBA_COMMON_AUDIT_TRAIL: union of DBA_AUDIT_TRAIL and DBA_FGA_AUDIT_TRAIL
- Underlying data dictionary views: DBA_AUDIT_TRAIL provides the standard audit trail entries; DBA_FGA_AUDIT_TRAIL displays all audit records for FGA
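Defender-side queries over the trails and policy views listed above, as an added example that is not part of the original slides: a policy inventory check, the combined trail, and a simple frequency review of who touched audited columns. It assumes the 10gR2 dictionary views with their documented columns (ENABLED, POLICY_TEXT, POLICY_COLUMN, SEL, INS, UPD, DEL on DBA_AUDIT_POLICIES; AUDIT_TYPE, EXTENDED_TIMESTAMP, DB_USER, OS_USER, USERHOST on DBA_COMMON_AUDIT_TRAIL; DB_USER, OS_USER, USERHOST, TIMESTAMP on DBA_FGA_AUDIT_TRAIL) and a DBA session; the threshold of 20 hits is an arbitrary value chosen here.

```sql
-- Added example (not from the slides): reviewing FGA policies and
-- audit trails as a DBA.  Column names assumed from the 10gR2 dictionary.

-- 1. Inventory: every FGA policy and whether it is actually enabled.
--    A policy created with enable => FALSE, or disabled later with
--    DBMS_FGA.DISABLE_POLICY, audits nothing.
SELECT object_schema, object_name, policy_name, enabled,
       sel, ins, upd, del, policy_column, policy_text
  FROM dba_audit_policies
 ORDER BY object_schema, object_name, policy_name;

-- 2. Standard and fine-grained records together, last 24 hours, from
--    the union view the Audit Trails slide describes.
SELECT audit_type, extended_timestamp, db_user, os_user, userhost,
       object_schema, object_name, policy_name, statement_type, sql_text
  FROM dba_common_audit_trail
 WHERE extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
 ORDER BY extended_timestamp;

-- 3. Who touched the audited columns, how often, and from where.
--    A spike for one DB user / OS user / host combination is what the
--    "investigate suspicious activity" purpose is looking for; the
--    threshold of 20 is a placeholder to tune per environment.
SELECT db_user, os_user, userhost, policy_name, statement_type,
       COUNT(*)       AS hits,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
  FROM dba_fga_audit_trail
 WHERE timestamp > SYSDATE - 7
 GROUP BY db_user, os_user, userhost, policy_name, statement_type
HAVING COUNT(*) > 20
 ORDER BY hits DESC;

-- 4. SQL_TEXT and SQL_BIND are populated only when the policy's
--    audit_trail includes EXTENDED; a policy whose records all lack
--    SQL_TEXT was created without it and cannot support investigation.
SELECT policy_name,
       COUNT(*) AS records,
       SUM(CASE WHEN sql_text IS NULL THEN 1 ELSE 0 END) AS without_sql_text
  FROM dba_fga_audit_trail
 GROUP BY policy_name
 ORDER BY policy_name;
```

Query 1 is the one to run on a schedule: the trail only proves what the policies were set to capture at the time, so a disabled or dropped policy leaves a silent gap rather than an error.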
Questions/Comments?