Unified Audit Policy to Audit Roles does not Generate Audit Records (Doc ID 2209425.1)

Last updated on JANUARY 12, 2017

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.2 and later
Information in this document applies to any platform.

Symptoms

1) Unified auditing is enabled.
    SQL>select value from v$option where parameter = 'Unified Auditing';

             VALUE
             TRUE

2)Create testrole and testuser:

   SQL>create user testuser identified by testuser123;

   SQL>create table Table1 (a1 int, a2 int);
   SQL>insert into table1 values (1,2);
   SQL>commit;

   SQL>create role testrole;
   SQL>grant connect to testrole;
   SQL>grant select on table1 to testrole;

   SQL>grant testrole to testuser;

3) Create and enable unified audit policy:

  SQL>create audit policy test_auditpolicy roles testrole;
  SQL>audit policy test_auditpolicy by testuser;

4) Now the policy is enabled:

  SQL>select * from audit_unified_enabled_policies;

           user_name policy_name enabled_opt success failure
           TESTUSER TEST_AUDITPOLICY BY YES YES

5) Login to the database as testuser and issue the select statement:

(I assume here the audit record should be created)

select * from table1;

A1 A2
---------- ----------
1 2

6) Then flush from the memory to disk to reflect select operation by user in the unified_audit_trail
   SQL>exec sys.dbms_audit_mgmt.flush_unified_audit_trail;

 

7) Query to verify the audit information:

   SQL>select * from unified_audit_trail where unified_audit_policies like '%TEST_AUDITPOLICY%';

 

It returns no records.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms