My Oracle Support Banner

How To Audit GRANT ANY PRIVILEGE Or GRANT ANY ROLE (Doc ID 222807.1)

Last updated on OCTOBER 26, 2023

Applies to:

Oracle Database Cloud Schema Service - Version N/A and later
Gen 1 Exadata Cloud at Customer (Oracle Exadata Database Cloud Machine) - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Information in this document applies to any platform.

Symptoms

You are attempting to audit the GRANT ANY PRIVILEGE and/or the GRANT ANY ROLE statement but no audit records are produced for these two audited activities.

You have turned on auditing properly.You used the following steps to audit the granting of GRANT ANY PRIVILEGE and/or GRANT ANY ROLE to other users:

   SQL> GRANT grant any privilege TO usr1;
   Grant succeeded.

   SQL> AUDIT grant any privilege BY usr1;
   Audit succeeded.
 
   SQL> SELECT * FROM sys.DBA_PRIV_AUDIT_OPTS;

   USER_NAME  PROXY_NAME PRIVILEGE           SUCCESS   FAILURE
   ---------- ---------- ------------------- --------- ---------
   USR1                  GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
 
   SQL> CONNECT usr1/password
   Connected.

   SQL> GRANT grant any privilege TO user2;
   Grant succeeded.

   SQL> select  USERNAME, ACTION, ACTION_NAME, SYS_PRIVILEGE,GRANTEE,AUDIT_OPTION, PRIV_USED from dba_audit_trail WHERE USERNAME='USR1';
   no rows selected

Changes

 NA

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.