Trigger Used to Audit Enterprise Users Does Not Populate DBA_AUDIT_TRAIL.COMMENT_TEXT (Doc ID 2282546.1)

Last updated on JULY 09, 2017

Applies to:

Advanced Networking Option - Version 12.1.0.2 and later
Information in this document applies to any platform.

Symptoms

When Enterprise Users using a shared schema connect to a database, the DN of the Enterprise User can be recorded in DBA_AUDIT_TRAIL.COMMENT_TEXT (not CLIENT_ID), but only for LOGON and LOGOFF audit records, using the technique described in <Note 465674.1>.

For other types of audited actions, one can write a custom trigger that uses SYS_CONTEXT( 'USERENV' , 'EXTERNAL_NAME' ) to obtain the DN of the Enterprise User, followed by DBMS_SESSION.SET_IDENTIFIER to set the CLIENT_ID, which will then be captured in DBA_AUDIT_TRAIL.COMMENT_TEXT.

However, the trigger seems not to fire for certain users, who have the same enterprise roles and privileges as users for whom the trigger is working.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms