Dictionary View Query From User Granted OEM_MONITOR Role Does Not Be Audited by AUDIT SELECT ANY DICTIONARY
(Doc ID 2639477.1)
Last updated on APRIL 17, 2023
Applies to:
Oracle Database - Enterprise Edition - Version 11.2.0.4 and laterInformation in this document applies to any platform.
Symptoms
- The query against dictionary view by the user granted OEM_MONITOR or SELECT_CATALOG_ROLE does not audited though set AUDIT SELECT ANY DICTIONARY,
while the query against dictionary table is audited. - Audit setting:
SQL> select value from v$option where parameter like 'Unified%';
VALUE
----------------------------------------------------------------
FALSE
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string <PATH>
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string OS
unified_audit_sga_queue_size integer 1048576
unified_audit_systemlog string
SQL>
- Test log:
User created.
SQL> grant create session to <USERNAME>;
Grant succeeded.
SQL> grant OEM_MONITOR to <USERNAME>;
Grant succeeded.
SQL> audit select any dictionary by <USERNAME>;
Audit succeeded.
SQL> conn <USERNAME>/<USERNAME>
Connected.
SQL> select count(*) from dba_tables;
COUNT(*)
----------
2273
SQL> select count(*) from v$instance;
COUNT(*)
----------
1
SQL> select count(*) from sys.tab$;
COUNT(*)
----------
2320
SQL>
- Audit log:
LENGTH: "318"
SESSIONID:[7] "2191436" ENTRYID:[1] "1" STATEMENT:[2] "12" USERID:[9] "<USERNAME>" USERHOST:[26] "<HOSTNAME>" TERMINAL:[5] "pts/0" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" OBJ$NAME:[4] "TAB$" OS$USERID:[6] "oracle" DBID:[10] "1512234923" PRIV$USED:[3] "237" CURRENT_USER:[9] "<USERNAME>"
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |