6 Replies Latest reply: May 2, 2012 9:09 AM by 878451 RSS

    NOAUDIT table

    878451
      Hello guys, how are you doing ?

      I have an issue:
      How to check users and privileges used by noaudit ?

      An other dba have set noaudit for some users, and i need to check it.

      I was hoping you guys could give me some hint.

      Thanks.
        • 1. Re: NOAUDIT table
          rp0428
          >
          How to check users and privileges used by noaudit ?
          >
          You need to check the system audit views

          See the Using Data Dictionary Views to Find Information About the Audit Trail section in the Security Guide
          http://docs.oracle.com/cd/B28359_01/network.111/b28531/auditing.htm#DBSEG006

          The 'Finding Information About Audited Activities' has what you want.
          • 2. Re: NOAUDIT table
            878451
            Hi, thanks for replying,
            I checked most of theses tables and none returned any information about noaudit users or objects.

            Should i use the FGA to check these informations?
            I just want to check the audited users, and the no-audited users.
            Regards,

            Edited by: BrunoSales on 27/04/2012 11:32
            • 3. Re: NOAUDIT table
              rp0428
              Well doesn't this view listed on the page of the link section I provided give you that info?
              >
              DBA_AUDIT_STATEMENT
              Lists audit trail records concerning GRANT, REVOKE, AUDIT, NOAUDIT, and ALTER SYSTEM statements throughout the database
              >
              And that section says see the database reference for the details
              http://docs.oracle.com/cd/B28359_01/server.111/b28320/statviews_3072.htm#sthref1675

              These and others are all part of that view
              >
              OBJ_PRIVILEGE VARCHAR2(16) Object privileges granted or revoked by a GRANT or REVOKE statement
              SYS_PRIVILEGE VARCHAR2(40) System privileges granted or revoked by a GRANT or REVOKE statement
              GRANTEE VARCHAR2(30) Name of the grantee specified in a GRANT or REVOKE statement
              >
              Did you even try to do a simple test and see the result in this view or other views?
              • 4. Re: NOAUDIT table
                878451
                yes, i tried all of it, and got no information about noaudit users.

                but something has changed: the other dba told me that at this morning 6 users were audited, by the noon he removed the audition from 2 of them.

                i´m using the query select distinct(user_name) from DBA_STMT_AUDIT_OPTS; to check the audited users, but still different then the users audited on dba_audit_trail on query select distinct(user_name) from DBA_audit_trail;

                I was trying to filter by timestamp but the filtering does not worked very well, and kept showing audited users from this day, including morning.

                SELECT username,
                extended_timestamp,
                owner,
                obj_name,
                action_name,
                sql_text
                FROM dba_audit_trail
                where extended_timestamp > (sysdate-20/24)
                ORDER BY timestamp;

                thnaks anyway

                Edited by: BrunoSales on 27/04/2012 13:52
                • 5. Re: NOAUDIT table
                  rp0428
                  >
                  yes, i tried all of it, and got no information about noaudit users.
                  >
                  Really? I don't see any mention of DBA_AUDIT_STATEMENT in what you just posted.
                  • 6. Re: NOAUDIT table
                    878451
                    THIS dba_audit_statements does not give the information that i seek. thanks.