Note that changing audit/noaudit only comes into effect when you reconnect:
select count(*) from t;
COUNT(*)
50000
select username, timestamp from dba_audit_trail
where timestamp > systimestamp - interval '30' second
and obj_name = 'T'
order by 2 desc;
no rows selected
audit select table;
select count(*) from t;
COUNT(*)
50000
select username, timestamp from dba_audit_trail
where timestamp > systimestamp - interval '30' second
and obj_name = 'T'
order by 2 desc;
no rows selected
conn chris/chris
select count(*) from t;
COUNT(*)
50000
select username, timestamp from dba_audit_trail
where timestamp > systimestamp - interval '30' second
and obj_name = 'T'
order by 2 desc;
USERNAME TIMESTAMP
CHRIS 02-NOV-17
noaudit select table;
select count(*) from t;
COUNT(*)
50000
select username, timestamp from dba_audit_trail
where timestamp > systimestamp - interval '30' second
and obj_name = 'T'
order by 2 desc;
USERNAME TIMESTAMP
CHRIS 02-NOV-17
CHRIS 02-NOV-17
conn chris/chris
select count(*) from t;
COUNT(*)
50000
select username, timestamp from dba_audit_trail
where timestamp > systimestamp - interval '30' second
and obj_name = 'T'
order by 2 desc;
USERNAME TIMESTAMP
CHRIS 02-NOV-17
CHRIS 02-NOV-17
Notice that after I run audit select table, the query still audit trail returns nothing until I reconnect. And after running noaudit select table, the query is still audited until the new connection.