This content has been marked as final. Show 3 replies
damorgan wrote:I knew it had to be there, and thought I had read it before, but for some reason I just wasn't seeing it to confirm my doubts! Like I said ... brain freeze.
What's to explain? Oracle clearly explains this in the docs:
Note: DELETE, INSERT, UPDATE, and MERGE operations on SYS.AUD$ table are always audited. These audit records are not allowed to be deleted.
Thanks for getting me back on track.
Even thought the thread is marked as answered I would just like to point out that the reference states "When standard auditing is enabled (that is, you set AUDIT_TRAIL to DB or DB,EXTENDED), Oracle Database audits all data manipulation language (DML) operations, such as INSERT, UPDATE, MERGE, and DELETE on the SYS.AUD$ and SYS.FGA_LOG$ tables by non-SYS users."
If you run the delete as user sys then I would expect no audit record to be recorded in sys.aud$ for the action. That is how our 9.2 system works. I do not think we configured auditing on any of our 10g systems so that I can verify our clean scripts work the same way. I will have to look into that as a separate issue.
User sys activity can be logged to the aud directory but unless you specify auditing the sysdba activity the information written is very restricted in nature.
HTH -- Mark D Powell --