My Oracle Support Banner

Database Vault Realm Violation Action Not Audited By Unified Auditing (Doc ID 2598824.1)

Last updated on FEBRUARY 04, 2020

Applies to:

Oracle Database - Enterprise Edition - Version 12.2.0.1 and later
Information in this document applies to any platform.

Symptoms

CREATE AUDIT POLICY <UNIFIED_AUDIT_POLICY_NAME>
ACTIONS COMPONENT=DV
Realm Success ON "<REALM_NAME>",REALM VIOLATION ON "<REALM_NAME>";
SQL> select * from <OWNER1>.<TABLE_NAME>;
                                         *
ERROR at line 1:
ORA-01031: insufficient privileges

SQL> insert into <OWNER1>.<TABLE_NAME> select * from <OWNER1>.<TABLE_NAME> where 0=1;
                                                  *
ERROR at line 1:
ORA-01031: insufficient privileges

Audit failure case:

PARSE ERROR #140454301098544:len=90 dep=0 uid=143 oct=2 lid=143 tim=15207005097353 err=1031
insert into <OWNER1>.<TABLE_NAME> select * from <OWNER1>.<TABLE_NAME> where 0=1



Audit success case:

PARSING IN CURSOR #140454301098544 len=40 dep=0 uid=143 oct=3 lid=143 tim=15207005068321 hv=2220994542 ad='ad28b9d0' sqlid='c9yu7d2263bzf'
SELECT * FROM <OWNER1>.<TABLE_NAME>
END OF STMT
PARSE #140454301098544:c=10092,e=10730,p=0,cr=18,cu=0,mis=1,r=0,dep=0,og=1,plh=1770943293,tim=15207005068321
----- Current SQL Statement for this session (sql_id=c9yu7d2263bzf) -----
SELECT * FROM <OWNER1>.<TABLE_NAME>

------ Call Stack Trace ------
kzvdvechk_ownerid<-kzvdveqau<-kksfbc<-opiexe<-kpoal8<-opiodr<-ttcpip<-opitsk<-opiino<-opiodr<-opidrv<-sou2o<-opimai_real<-ssthrdmain<-main<-__libc_start_main=====================

Result=Realm Authorization Failed
Realm_Name=<REALM_NAME> Required_Auth_Level=0
Current_User=143
Object_Owner=<OWNER1> Object_Name=<TABLE_NAME> Object_Type=TABLE
SQL_Text=SELECT * FROM <OWNER1>.<TABLE_NAME>



Trace Event setting:


<Turn On>
ALTER SESSION SET EVENTS 'TRACE[DV] DISK=HIGHEST';
ALTER SESSION SET EVENTS '47998 TRACE NAME CONTEXT FOREVER, LEVEL 4';
alter session set events '10046 trace name context forever, level 12';

<database vault realm violation actions>

<Turn Off>
ALTER SESSION SET EVENTS 'TRACE[DV] OFF';
ALTER SESSION SET EVENTS '47998 off';
alter session set events '10046 off';

 

 

Changes

 The executing user has SELECT ANY TABLE system privilege, but does not have INSERT/UPDATE/DELETE privilege on <OWNER1>.<TABLE_NAME>.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.