How To Audit All Create User Activities and Password Changes Including Those Made by GRANT? (Doc ID 728351.1)

Last updated on NOVEMBER 04, 2015

Applies to:

Oracle Database - Enterprise Edition - Version 9.2.0.1 to 11.2.0.3 [Release 9.2 to 11.2]
Information in this document applies to any platform.
Checked for relevance on 06-JUN-2013


Goal

This note explains how to audit all create user activity including those that are implicitly created by a GRANT statement like:

GRANT DBA TO NEW_DBA_USER IDENTIFIED BY NEWPASSWORD

Also, for existing users, it explains how password changes that can also be done with a GRANT statement can be collected out of the audit trail.

The following example can be used to test the results:

connect SYSTEM
create role some_role;

-- test implicit user creation by GRANT statement:
create user user_type1 identified by tiger;
grant dba to user_type2 identified by tiger;
grant some_role to user_type3 identified by tiger;

-- test implicit password changes of existing users:
alter user user_type1 identified by tiger2;
grant dba to user_type2 identified by tiger2;
grant some_role to user_type3 identified by tiger2;

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms