Skip to Main Content

Breadcrumb

Question and Answer

Chris Saxon

Thanks for the question.

Asked: March 13, 2023 - 3:47 pm UTC

Last updated: May 22, 2023 - 1:34 pm UTC

Version: 19.16.0.0.0.

Viewed 1000+ times

You Asked

Dear Sirs,

I'm using database version 19c and trying to set a filter on schema level before inserting into UNIFIED_AUDIT_TRAIL view.

I tried these example policies but without success:

CREATE AUDIT POLICY test1
 ACTIONS 
 UPDATE ON <schemaname>.*
WHEN 'INSTR(UPPER(SYS_CONTEXT(''USERENV'',''CLIENT_PROGRAM_NAME'')), ''FRMWEB'') = 0'
EVALUATE PER SESSION
ONLY TOPLEVEL;

CREATE AUDIT POLICY test2
 ACTIONS 
 UPDATE ON <schemaname>
WHEN 'INSTR(UPPER(SYS_CONTEXT(''USERENV'',''CLIENT_PROGRAM_NAME'')), ''FRMWEB'') = 0'
EVALUATE PER SESSION
ONLY TOPLEVEL;


Also there is in my opinion no paramter, like obj_owner, in the namespace userenv in sys_context.

Do you have a hint please or is logging on schema level not possible?

Many thanks

Juergen

and Chris said...

You are correct. Currently, there is no option to do this at the schema level. There are plans to support this.

To help the team build this it would help if you could let us know:

How many objects (tables) are to be audited under the specific schema?
How frequently this list would change? Ie, how frequently new objects are created under the schema? Once a month or Once 3 months (whenever application patch applied, etc)

Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.