This discussion is archived
2 Replies Latest reply: Dec 2, 2010 8:57 AM by 729900 RSS

before/after reports

729900 Newbie
Currently Being Moderated
hello,

i understand that Capture Rules are the only way to specify what can be collected for the before/after reports.
so even if statement and/or privilege auditing is NOT enabled for a particular user, if that user makes changes to a table that has a Capture Rule on it, their redo activity will be included in the Before/After report, correct?

is there a way to limit the collection for the table with a capture rule on it, i.e., log only changes when they are made by certain users?
is there a way that FGA policies can be used for this?
i know Audit vault can filter this at the report level, but we would like to know if this can be done so that unwanted information need not be logged and stored in the data warehouse.

thank you
  • 1. Re: before/after reports
    706614 Explorer
    Currently Being Moderated
    Hi:

    Unfortunately, Capture Rules are "all or nothing". You can control the scope - Global, Schema, or Table, and you can control the type of activity - DDL or DML, but nothing else. FGA policies are a completely separate mechanism for auditing activity conditionally. However, they do not make use of the REDO log mechanism that Streams does. FGA policies do give you the ability to create audit records when certain conditions occur, such as the application context containing specific user information. They also give you the ability to capture SQL Text and SQL Bind data. They do not, however, give you before / after values.

    If you define both an FGA policy and a Capture Rule on a table, you will get two or more records (one from FGA_LOG$ using the DBAUD collector, and one or more from the REDO log - one for each affected row, using the REDO collector).

    Hope this helps.
  • 2. Re: before/after reports
    729900 Newbie
    Currently Being Moderated
    Yes, that clarified it. thank you!

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points