5 Replies Latest reply on Apr 4, 2013 8:40 PM by rp0428

    Auditing question executing the TRUNCATE command.


      We have some audit controls in place that interrogate SQL codes to determine whether an INSERT, UPDATE or DELETE command has been executed by a user. However, when a user executes a TRUNCATE command, an sudit record is not generated. Since I cannot find a specific code for Truncate, I was thinking that the code that caputes a DELETE command would work... but it doesn't appear that is the case.

      We only have a very few users that can issue the TRUNCATE command, but I'd like to know if anyone knows of a specific code for TRUNCATE. Or if anyone has an idea how we could generate AUDIT records when a user does issue a TRUNCATE command.

        • 1. Re: Auditing question executing the TRUNCATE command.
          Kamran Agayev A.
          Did you test
          - - - - - - - - - - - - - - - - - - - - -
          Kamran Agayev A. (10g OCP)
          • 2. Re: Auditing question executing the TRUNCATE command.
            As a TRUNCATE statement deletes rows from a table, triggers associated with the table are not fired. Also, a TRUNCATE statement does not generate any audit information corresponding to DELETE statements if auditing is enabled. Instead, a single audit record is generated for the TRUNCATE statement being issued.

            you can take a look at this..
            refer to section called : Setting Auditing Options
            • 3. Re: Auditing question executing the TRUNCATE command.
              as kamran pointed...

              have u treid audit truncate;

              take a look at this blog...

              • 4. Re: Auditing question executing the TRUNCATE command.
                There is certainly a lot of bad information floating around on this topic.

                "Audit table" will audit create table, drop table and truncate table - which is absolutely true. It is the ONLY way to reliably audit truncate table operations.

                Object auditing on a specific table (e.g. audit all on scott.mytab) never creates an audit record for truncation.

                You can audit "DROP ANY TABLE" which will create an audit record ONLY when someone with the DROP ANY TABLE system privilege attempts to truncate a table in another schema.

                Contrary to what some "experts" (including at least one ACE) think, "audit truncate table" is NOT valid syntax.

                "Audit truncate" does not return an error, but (as far as I can tell and I've actually tested it on,, and it does nothing. It creates no record in DBA_STMT_AUDIT_OPTS or DBA_PRIV_AUDIT_OPTS and it never produces a record in the audit trail. It is a half-baked auditing option that does not actually work - so, "audit truncate" should return an error!
                • 5. Re: Auditing question executing the TRUNCATE command.
                  DEAD THREAD!

                  Please don't revive 4 year old threads. Let them rest in peace.

                  It's good that you want to contribute to the forums but your contributions will be more useful if you respond to current unanswered threads.