DBTools Worksheet OCI Client Session Shows CLIENT_ID More Than 64 Characters and Gets Truncated at UNIFIED_AUDIT_TRAIL
(Doc ID 3051708.1)
Last updated on OCTOBER 09, 2024
Applies to:
Database Tools Service - Version NA and laterInformation in this document applies to any platform.
Symptoms
On OCI Cloud, While looking to the audit logs of the OCI , following is observed
The CLIENT_IDENTIFIER is set using fedrationOCID/username i.e <OCID associated with worksheet>/<username@domain.com>.Since this is often longer than 64 bytes, the database truncates the end of the string thus loosing the very important user name information.
Steps to check on the Issue
-------------------------------------
1. Login to cloud as federated user by providing username and password.
2. Open up worksheet at connect to database. Execute some insert statement for audit to capture log activity.
3. Check the log by navigating under "Observability & Management" -> log -> Audit
4. Pull the json text and look for principalid. it is shown as
Value is more than 64 characters in length.
5. Now navigate to look at the unified audit
database side - Data Safe -> Security center -> Activity auditing -> Audit reportxxx-> Report information
6. review the client_id
This data is truncated and username is missing. This is truncating due to Unified_audit_trail table having column client_identifier as varchar2(64).
Data stored in this table gets truncated to 64 characters as the client_id is longer than 64 character.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |