Hello.
Does Oracle writes only successful atempts in fga_log$ or successful and unsucessful? I set audit on select on few tables and got some entries.
Are you talking about standard auditing or fine grained auditing ?
For the former, you can choose what you want. From the docs:
WHENEVER [NOT] SUCCESSFUL
Specify WHENEVER SUCCESSFUL to audit only SQL statements and operations that succeed.
Specify WHENEVER NOT SUCCESSFUL to audit only statements and operations that fail or result in errors.
If you omit this clause, then Oracle Database performs the audit regardless of success or failure.
For the latter, we only log when the fga condition is triggered
SQL> grant dba to demo identified by demo;
Grant succeeded.
SQL>
SQL> connect demo/demo
Connected.
SQL> create table emp as select * from scott.emp;
Table created.
SQL> begin
2 dbms_fga.add_policy
3 ( object_schema => user,
4 object_name => 'EMP',
5 policy_name => 'ENAME_SAL',
6 audit_condition => 'sal > 1500',
7 audit_column => 'SAL' );
8 end;
9 /
PL/SQL procedure successfully completed.
SQL>
SQL> exec dbms_stats.gather_table_stats('','EMP');
PL/SQL procedure successfully completed.
SQL>
SQL> select empno, ename from emp;
EMPNO ENAME
---------- ----------
7369 SMITH
7499 ALLEN
7521 WARD
7566 JONES
7654 MARTIN
7698 BLAKE
7782 CLARK
7788 SCOTT
7839 KING
7844 TURNER
7876 ADAMS
7900 JAMES
7902 FORD
7934 MILLER
14 rows selected.
SQL>
SQL> select * from dba_fga_audit_trail;
no rows selected
SQL>
SQL> variable sal number
SQL> execute :sal := 1400
PL/SQL procedure successfully completed.
SQL>
SQL> select empno, ename from emp where sal < :sal;
EMPNO ENAME
---------- ----------
7369 SMITH
7521 WARD
7654 MARTIN
7876 ADAMS
7900 JAMES
7934 MILLER
6 rows selected.
SQL> execute :sal := 1700
PL/SQL procedure successfully completed.
SQL>
SQL> select empno, ename from emp where sal < :sal;
EMPNO ENAME
---------- ----------
7369 SMITH
7499 ALLEN
7521 WARD
7654 MARTIN
7844 TURNER
7876 ADAMS
7900 JAMES
7934 MILLER
8 rows selected.
SQL>
SQL> @pt "select * from dba_fga_audit_trail"
old 2: p_query varchar2(32767) := q'{&1}';
new 2: p_query varchar2(32767) := q'{select * from dba_fga_audit_trail}';
SESSION_ID : 680517
TIMESTAMP : 19-jan-2016 09:15:21
DB_USER : DEMO
OS_USER : comcdona
USERHOST : ORADEV\COMCDONA-AU
CLIENT_ID :
ECONTEXT_ID :
EXT_NAME :
OBJECT_SCHEMA : DEMO
OBJECT_NAME : EMP
POLICY_NAME : ENAME_SAL
SCN : 7990715
SQL_TEXT : select empno, ename from emp where sal < :sal
SQL_BIND : #1(4):1700
COMMENT$TEXT :
STATEMENT_TYPE : SELECT
EXTENDED_TIMESTAMP : 19-JAN-16 09.15.21.512000 AM +08:00
PROXY_SESSIONID :
GLOBAL_UID :
INSTANCE_NUMBER : 0
OS_PROCESS : 4132:4340
TRANSACTIONID :
STATEMENTID : 50
ENTRYID : 2
OBJ_EDITION_NAME :
DBID : 1914458800
-----------------
PL/SQL procedure successfully completed.
SQL>
SQL>