oracle “通过会话审核创建会话”与“通过访问审核创建会话”?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4942672/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
"audit create session by session" vs. "audit create session by access"?
提问by kupa
When I enabling auditing for create sessionby the following way:
当我通过以下方式为创建会话启用审计时:
audit create session by session;
Then I am querying the following:
然后我查询以下内容:
select * from dba_priv_audit_opts;
The result is:
结果是:
USERNAME | PROXY_NAME | AUDIT_OPTION | SUCCESS | FAILURE |
...............................................................
- | - | CREATE SESSION | BY ACCESS | BY ACCESS|
But, when I enabling auditing for create sessionby the following way:
但是,当我通过以下方式为创建会话启用审计时:
audit create session by access;
Then I am querying the following:
然后我查询以下内容:
select * from dba_priv_audit_opts;
The result is the same:
结果是一样的:
USERNAME | PROXY_NAME | AUDIT_OPTION | SUCCESS | FAILURE |
...............................................................
- | - | CREATE SESSION | BY ACCESS | BY ACCESS|
Why? Do you have any idea?
为什么?你有什么主意吗?
回答by Vincent Malgrat
11gR2 and above:
11gR2 及以上:
BY SESSIONis effectively disabled and all auditing is done per access.
BY SESSION被有效禁用,所有审计都是按访问完成的。
11gR1 and below:
11gR1 及以下:
The difference between BY SESSIONand BY ACCESSis that when you specify BY SESSIONOracle will try to merge multiple audit entries into one record when the session and the action audited match.
BY SESSION和BY ACCESS之间的区别在于,当您指定BY SESSION当会话和被审计的操作匹配时,Oracle 将尝试将多个审计条目合并为一个记录。
It only works for SQL statements other than DDL though, From the above link:
它只适用于 DDL 以外的 SQL 语句,来自上面的链接:
If you specify statement options or system privileges that audit data definition language (DDL) statements, then the database automatically audits by access regardless of whether you specify the BY SESSION clause or BY ACCESS clause.
如果您指定审计数据定义语言 (DDL) 语句的语句选项或系统权限,则无论您指定 BY SESSION 子句还是 BY ACCESS 子句,数据库都会自动按访问进行审计。
Since CREATE SESSIONis a DDL statement Oracle audits this statement by access.
由于CREATE SESSION是一个 DDL 语句,Oracle 通过访问来审计这个语句。
