roh oracle 10gr2 fga

Post on 08-Aug-2015





oracle security


Oracle 10g R2 Auditing Features: Fine-Grained Auditing
CS780, April 29, 2010, Cassidy Heeyeon Roh

Auditing
- Monitoring and recording of selected user database actions:
  - SQL statements
  - user name
  - application
  - time, etc.
- Security policies can trigger auditing when specified elements in an Oracle database are accessed or altered, including the contents within a specified object

Auditing Purpose
- Enable future accountability for current actions taken in a particular schema, table, or row, or affecting specific content
- Deter users (or others) from inappropriate actions based on that accountability
- Investigate suspicious activity, e.g. deletion of rows from tables

Auditing Purpose (cont.)
- Notify an auditor that an unauthorized user is manipulating or deleting data and that the user has more privileges than expected, which can lead to reassessing user authorizations
- Monitor and gather data about specific database activities, e.g. updates, or the number of concurrent users at peak times
- Detect problems with the authorization or access control implementation, and create audit policies to track them

Audit Records
- Audit records can capture:
  - successful statement execution, unsuccessful statement execution, or both
  - statement execution once in each user session, or once every time the statement is executed
  - activities of all users, or of a specified user
- Audit record storage:
  - contains the audited operation, the user of the operation, and the time and date of the operation
  - data dictionary table: the database audit trail
  - operating system files: the operating system audit trail

Audit Types
- Statement Auditing (e.g. AUDIT TABLE)
  - audits SQL statements by type of statement; broad
  - audit on a selected user or every user
- Privilege Auditing (e.g. AUDIT CREATE TABLE)
  - like statement auditing, but audits a particular type of action
  - audit on a selected user or every user
- Schema Object Auditing (e.g. AUDIT SELECT ON ...)
  - audits specific statements on particular schema objects; focused: a specified type of statement on a specified schema object
  - always applies to all users of the database
- Fine-Grained Auditing
  - audit at the most granular level: data access and actions based on content, using any Boolean measure
  - audit on access to, or change in, a column

FGA vs Triggers
- Triggers
  - a PL/SQL call for every row processed
  - create a record only when relevant information is changed by a DML statement
- FGA
  - no additional cost per row processed
  - audits only once for every policy
  - audits when the specified relevant columns occur
  - specific type of DML statement
  - changed by statement / selection
  - combination of criteria in a statement
  - supports tables and views

Fine-Grained Auditing
- Implement security policies and associate them with tables, views or synonyms
- Automatic enforcement of security policies regardless of the data access method (e.g. through an application or by ad hoc queries)
- Application context with fine-grained access control is called Virtual Private Database (VPD)

Fine-Grained Auditing Advantages
- Simple user-defined SQL predicates on objects as conditions for selective auditing
- The query is audited during fetch, when the policy conditions are met for a returned row
- Able to run a user-defined event handler, if one is specified in the policy
- Implemented using the DBMS_FGA package, or with triggers

Fine-Grained Access Control (VPD) Capabilities
- Limit access at the row level for SELECT, INSERT, UPDATE and DELETE
- Use security policies only when you need them: invoke a policy only if a particular column is referenced
- Restrict access using a combination of row-level and column-level controls, by applying a VPD policy to a view
- Have some policies that are always applied, called static policies, and others that can change during execution, called dynamic policies
- Use more than one policy for each table, including building on top of base policies in packaged applications
- Distinguish policies between different applications by using policy groups; each policy group is a set of policies that belong to an application
- Distinguish and control the use of INDEX in row-level security policies
- Designate an application context, called a driving context, to indicate the policy group in effect. When tables, views, or synonyms are accessed, the fine-grained access control engine looks up the driving context to determine the policy group in effect and enforces all the associated policies that belong to that policy group
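An added example, not from the slides, of a VPD policy of the kind the capabilities above describe: a hypothetical policy function SEC.EMP_ROW_FILTER (assumed schema and name) attached to the slides' HR.EMPLOYEES table, so that the predicate is evaluated only when SALARY or COMMISSION_PCT is referenced and those columns are masked to NULL on rows that are not the session user's own. It assumes employees connect with a database user name equal to their EMAIL value.

```sql
-- Assumed (not from the slides): a SEC schema that owns the policy function.
-- The policy function signature is fixed by DBMS_RLS: (schema, object) RETURN predicate text.
CREATE OR REPLACE FUNCTION sec.emp_row_filter (
  p_schema VARCHAR2,
  p_object VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  -- The HR owner is exempt: an always-true predicate imposes no restriction.
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'HR' THEN
    RETURN '1 = 1';
  END IF;
  -- Assumption: each employee's database user name equals the EMAIL column value.
  RETURN 'EMAIL = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END emp_row_filter;
/

-- Attach the policy to the table. Because sec_relevant_cols is set, the predicate is applied
-- only when a statement references SALARY or COMMISSION_PCT ("invoke a policy only if a
-- particular column is referenced"). ALL_ROWS still returns every row but nulls out those two
-- columns where the predicate is false (column masking, SELECT only). policy_type is left at
-- its default (DYNAMIC): the function is re-run for each statement; a STATIC policy would
-- cache the predicate instead.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SALARY_MASK',   -- assumed policy name
    function_schema       => 'SEC',
    policy_function       => 'EMP_ROW_FILTER',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SALARY, COMMISSION_PCT',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Check as a non-HR user: every row is returned, but SALARY is NULL on rows
-- other than the session user's own. A query that does not touch SALARY or
-- COMMISSION_PCT is not affected by the policy at all.
SELECT employee_id, email, salary FROM hr.employees;
```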

Fine-Grained Auditing PL/SQL packages
- Administer security policies and policy groups: add, drop, enable, refresh
  - DBMS_RLS for VPD (fine-grained access control)
  - DBMS_FGA for Fine-Grained Auditing
- Audit record storage: the SYS.FGA_LOG$ table, accessed through the DBA_FGA_AUDIT_TRAIL view

Fine-Grained Auditing
- Minimize false or unhelpful audits with:
  - no need to enable AUDIT_TRAIL
  - add/remove policies as necessary (requires the EXECUTE privilege on the DBMS_FGA package)
  - ability to temporarily enable/disable FGA policies with no loss of metadata (DBMS_FGA.ENABLE_POLICY)


Fine-Grained Auditing Policies
- Monitor data accessed based on content
- Specify columns and conditions, e.g. specific types of DML statements in connection with the columns specified
- Specify the name of a routine performed when an audit event occurs, to:
  - notify or alert the administrator
  - handle errors and anomalies

Fine-Grained Auditing Policies Example
- Limiting logical access to:
  - specifications
  - test results for a product under development
  - salary
- Audit: action type, area of action, time of action, user of action

FGA ADD_POLICY Parameters

| Parameter | Description |
| --- | --- |
| object_schema | The schema of the object to be audited. If NULL, the current login user schema is assumed. Default value: NULL. |
| object_name | The name of the object to be audited. |
| policy_name | The unique name of the policy. |
| audit_condition | A condition in a row that indicates a monitoring condition. NULL is allowed and acts as TRUE. |
| audit_column | The columns to be checked for access. These can include hidden columns. The default, NULL, causes an audit if any column is accessed or affected. |
| handler_schema | The schema that contains the event handler. The default, NULL, causes the current schema to be used. |
| handler_module | The function name of the event handler, including the package name if necessary. This function is called only after the first row that matches the audit condition in the query is processed. If the procedure fails with an exception, the user's SQL statement fails as well. |
| enable | Whether the policy is to be enabled: TRUE means enable it. |
| statement_types | The SQL statement types to which this policy applies: INSERT, UPDATE, DELETE, or SELECT only. |
| audit_trail | Both where to write the fine-grained audit trail and whether or not to populate LSQLTEXT and LSQLBIND. |
| audit_column_opts | Whether a statement is audited when the query references any column specified in the audit_column parameter, or only when all such columns are referenced. |


Fine-Grained Auditing Event handler
- Flexible event handler (handler_module): notify the administrator when a triggering event occurs
- Handler signature:

  PROCEDURE <handler_name> (object_schema VARCHAR2, object_name VARCHAR2, policy_name VARCHAR2) AS ...
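An added example, not from the slides, of the event-handler pattern described above: a hypothetical handler SEC.FGA_ALERT (assumed schema, table and procedure names) that records an alert in its own table inside an autonomous transaction, so the alert survives even if the audited statement is rolled back, and that never raises, because an exception in the handler makes the user's statement fail. The SALARY > 10000 condition is a constructed value.

```sql
-- Assumed (not from the slides): a SEC schema that owns the alert table and the handler.
CREATE TABLE sec.fga_alerts (
  alert_time    TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user       VARCHAR2(30),
  os_user       VARCHAR2(255),
  client_ip     VARCHAR2(64),
  object_schema VARCHAR2(30),
  object_name   VARCHAR2(30),
  policy_name   VARCHAR2(30)
);

-- The handler signature is fixed by DBMS_FGA: (object_schema, object_name, policy_name).
CREATE OR REPLACE PROCEDURE sec.fga_alert (
  object_schema VARCHAR2,
  object_name   VARCHAR2,
  policy_name   VARCHAR2
) AS
  PRAGMA AUTONOMOUS_TRANSACTION;  -- the alert row is kept even if the audited statement rolls back
BEGIN
  INSERT INTO sec.fga_alerts (db_user, os_user, client_ip,
                              object_schema, object_name, policy_name)
  VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          SYS_CONTEXT('USERENV', 'IP_ADDRESS'),
          object_schema, object_name, policy_name);
  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK;  -- never propagate: an exception here would make the user's SQL statement fail too
END fga_alert;
/

-- Policy on the slides' HR.EMPLOYEES table: the handler fires once per statement, after the
-- first row with SALARY > 10000 is processed by a SELECT, UPDATE or DELETE that touches SALARY.
-- The audit record itself still goes to the database trail with SQL text and binds (EXTENDED).
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'POLICY_SAL_ALERT',   -- assumed policy name
    audit_condition => 'SALARY > 10000',
    audit_column    => 'SALARY',
    handler_schema  => 'SEC',
    handler_module  => 'FGA_ALERT',
    enable          => TRUE,
    statement_types => 'SELECT, UPDATE, DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/
```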

Audit trail record (audit_trail parameter)
- DBMS_FGA.DB + DBMS_FGA.EXTENDED: SQLBIND and SQLTEXT values are recorded in the database audit trail
- DBMS_FGA.XML: audit records are written to XML-formatted OS files

Fine-Grained Auditing DBMS_FGA.ADD_POLICY Syntax

  DBMS_FGA.ADD_POLICY(
    object_schema     IN VARCHAR2,
    object_name       IN VARCHAR2,
    policy_name       IN VARCHAR2,
    audit_condition   IN VARCHAR2,
    audit_column      IN VARCHAR2,
    handler_schema    IN VARCHAR2,
    handler_module    IN VARCHAR2,
    enable            IN BOOLEAN,
    statement_types   IN VARCHAR2,
    audit_trail       IN BINARY_INTEGER DEFAULT DBMS_FGA.DB_EXTENDED,  -- i.e. DBMS_FGA.DB + DBMS_FGA.EXTENDED
    audit_column_opts IN BINARY_INTEGER DEFAULT DBMS_FGA.ANY_COLUMNS);

Fine-Grained Auditing DBMS_FGA.ADD_POLICY Example

  begin
    DBMS_FGA.ADD_POLICY(
      object_schema     => 'scott',
      object_name       => 'emp',
      policy_name       => 'mypolicy1',
      audit_condition   => 'sal < 100',   -- audit when sal < 100
      audit_column      => 'comm, sal',
      handler_schema    => NULL,
      handler_module    => NULL,
      enable            => TRUE,
      statement_types   => 'INSERT, UPDATE',
      audit_trail       => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
      audit_column_opts => DBMS_FGA.ANY_COLUMNS);
  end;
  /

Fine-Grained Auditing DBMS_FGA.ADD_POLICY Example

  begin
    DBMS_FGA.ADD_POLICY(
      object_schema     => 'HR',
      object_name       => 'EMPLOYEES',
      policy_name       => 'POLICY_EMP_SAL_COMM',
      audit_condition   => NULL,   -- NULL acts as TRUE: record all rows
      audit_column      => 'SALARY, COMMISSION_PCT',
      statement_types   => 'SELECT, UPDATE',
      -- ALL_COLUMNS: audit only when every column in audit_column appears in the statement
      audit_column_opts => DBMS_FGA.ALL_COLUMNS);
  end;
  /

  PL/SQL procedure successfully completed.

Fine-Grained Auditing Example executions as HR:

  UPDATE hr.employees SET SALARY = SALARY + 4000 WHERE employee_id = 197;
  UPDATE hr.employees SET SALARY = SALARY + 4000, COMMISSION_PCT = COMMISSION_PCT + 0.5 WHERE COMMISSION_PCT > 0;
  SELECT employee_id, salary FROM hr.employees;
  DELETE hr.employees WHERE employee_id = 110;
  SELECT * FROM hr.employees;

Fine-Grained Auditing Example executions before the policy is enabled:

  UPDATE hr.employees SET SALARY = SALARY + 4000 WHERE employee_id = 197;
  1 row updated.

  UPDATE hr.employees SET SALARY = SALARY + 4000, COMMISSION_PCT = COMMISSION_PCT + 0.5 WHERE COMMISSION_PCT > 0;
  35 rows updated.

  SELECT employee_id, salary FROM hr.employees;
  107 rows selected.

  DELETE hr.employees WHERE employee_id = 110;
  1 row deleted.

  SELECT * FROM hr.employees;
  106 rows selected.
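An added example, not from the slides, of operating the POLICY_EMP_SAL_COMM policy defined above: suspending and re-enabling it (the policy metadata is kept, as the slides note), listing the FGA policies on the table, and reviewing what the policy captured in DBA_FGA_AUDIT_TRAIL, including a simple detection query. The threshold of 20 salary reads per user per day is an arbitrary constructed value.

```sql
-- Temporarily suspend the policy (e.g. during an approved bulk load), then re-enable it.
-- Both calls require EXECUTE on DBMS_FGA; neither drops the policy definition.
BEGIN
  DBMS_FGA.DISABLE_POLICY(object_schema => 'HR',
                          object_name   => 'EMPLOYEES',
                          policy_name   => 'POLICY_EMP_SAL_COMM');
END;
/
BEGIN
  DBMS_FGA.ENABLE_POLICY(object_schema => 'HR',
                         object_name   => 'EMPLOYEES',
                         policy_name   => 'POLICY_EMP_SAL_COMM',
                         enable        => TRUE);
END;
/

-- Which FGA policies exist on the table, which columns they watch, and whether each is
-- currently enabled and for which statement types (SEL/INS/UPD/DEL).
SELECT object_schema, object_name, policy_name, policy_column,
       enabled, sel, ins, upd, del
  FROM dba_audit_policies
 WHERE object_schema = 'HR' AND object_name = 'EMPLOYEES';

-- Review what the policy captured: who touched SALARY/COMMISSION_PCT, from where and when,
-- with the exact statement text and bind values (populated because the trail is EXTENDED).
SELECT timestamp, db_user, os_user, userhost, statement_type, sql_text, sql_bind
  FROM dba_fga_audit_trail
 WHERE object_schema = 'HR'
   AND object_name   = 'EMPLOYEES'
   AND policy_name   = 'POLICY_EMP_SAL_COMM'
 ORDER BY timestamp DESC;

-- Detection check: any user issuing more than 20 audited salary reads in one day.
-- (The SELECT in the slides' example execution produced exactly one such record.)
SELECT db_user, TRUNC(timestamp) AS audit_day, COUNT(*) AS hits
  FROM dba_fga_audit_trail
 WHERE policy_name    = 'POLICY_EMP_SAL_COMM'
   AND statement_type = 'SELECT'
 GROUP BY db_user, TRUNC(timestamp)
HAVING COUNT(*) > 20
 ORDER BY hits DESC;
```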

Fine-Grained Auditing DBMS_FGA.ENABLE_POLICY Ex