Skip to Main Content
  • Questions

  • Auditing execution of a given procedure by a given user

Breadcrumb

Question and Answer

Tom Kyte

Thanks for the question, Robert.

Asked: November 09, 2009 - 2:25 pm UTC

Last updated: November 15, 2009 - 1:09 pm UTC

Version: 10.2.0.4

Viewed 10K+ times! This question is

You Asked

Hi Tom,

How can we audit the execution of any given procedure P1 by any given user U1 without modifying the procedure to track this?
In other words using Oracle built-in auditing, database trigger, etc.?

Oracle Support says there is no way.

Thanks,

Robert.

and Tom said...

You can audit execute on a given procedure by access or by session, but it is sort of global.

You can audit an individuals execution of any (all) procedures, it'll be global for that user (could be a ton of information as every procedure executed will appear here)


So, path of least resistance - audit execute on procedure_name by session, that'll give you a single record for each session that executes the procedure (regardless of who executed it)


sys%ORA10GR2> connect /
Connected.
ops$tkyte%ORA10GR2> audit execute on p1 by session;

Audit succeeded.

ops$tkyte%ORA10GR2>
ops$tkyte%ORA10GR2> connect a/a
Connected.
a%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

a%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

a%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

a%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

a%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

a%ORA10GR2> connect b/b
Connected.
b%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

b%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

b%ORA10GR2> exec ops$tkyte.p1

PL/SQL procedure successfully completed.

b%ORA10GR2> connect /
Connected.
ops$tkyte%ORA10GR2> select username, owner, obj_name, action_name from dba_audit_trail;

USERNAME OWNER      OBJ_N ACTION_NAME
-------- ---------- ----- ----------------------------
B        OPS$TKYTE  P1    SESSION REC
A        OPS$TKYTE  P1    SESSION REC




It will not be selective by user, but you can always filter that with a where clause.



This is short of renaming (by recreating) the procedure P1 to P1_ORIG and creating something like:

create procedure p1( ... inputs/outputs ... )
as
begin
   if (user = 'X')
   then
       call_autonomous_transaction_to_log_execution;
   end if;
   p1_orig( .... inputs/outputs ... );
end;







Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Thanks Tom.

Robert, November 11, 2009 - 3:07 pm UTC

Thanks Tom... but it seems odd to me that Oracle would not have something like this built in... by this time?

Your thoughts?
Tom Kyte
November 15, 2009 - 1:09 pm UTC

did you or anyone else ever request it? Unless things get logged in the enhancement request queue - they might never see the light of day.


more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

PL/SQL demos

Check out more PL/SQL tutorials on our LiveSQL tool.

PL/SQL docs

PL/SQL reference manual from the Oracle documentation library