【实验】【审计】【FGA】【实验】【审计】【FGA】使用Oracle的审计功能监控数据库中的可疑操作
看一下Oracle的审计功能(包括FGA细粒度审计)能给我们带来些什么的强悍效果。
我将通过这个小文儿向您展示一下Oracle很牛的审计功能。Follow me.
1.使用审计,需要先激活审计功能
1)查看系统中默认的与审计相关的参数设置
> conn / as sysdba
Connected.
> show parameter audit
NAME TYPE VALUE
--------------------- --------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
2)对上面所列的参数进行一下解释
(1)AUDIT_FILE_DEST = 路径
指示出审计的文件存放的路径信息,我们这里显示的是“/oracle/app/oracle/admin/ora10g/adump”
不管打开还是不打开审计功能,这个目录项都会记录以sysdba身份的每次登录信息,有兴趣的朋友可以到这个目录中查看一下。
例如:
$ cat ora_9915.aud
Audit file /oracle/app/oracle/admin/ora10g/adump/ora_9915.aud
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engine options
ORACLE_HOME = /oracle/app/oracle/product/10.2.0/db_1
System name: Linux
Node name: testdb183
Release: 2.6.18-128.el5
Version: #1 SMP Wed Dec 17 11:41:38 EST 2008
Machine: x86_64
Instance name: ora10g
Redo thread mounted by this instance: 1
Oracle process number: 13
Unix process pid: 9915, image: (TNS V1-V3)
Wed Aug 26 19:24:11 2009
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/1
STATUS: 0
(2)audit_sys_operations
默认值是FALSE,如果开启审计功能,这个参数需要修改为TRUE。
(3)audit_syslog_level
语句:指定审计语句或特定类型的语句组,象审计表的语句 CREATE TABLE, TRUNCATE TABLE, COMMENT ON TABLE, and DELETE [FROM] TABLE
权限:使用审计语句指定系统权限,象AUDIT CREATE ANY TRIGGER
对象:在指定对象上指定审计语句,象ALTER TABLE on the emp table
(4)AUDIT_TRAIL = NONE|DB|OS
DB--审计信息记录到数据库中
OS--审计信息记录到操作系统文件中
NONE--关闭审计(默认值)
3)修改参数audit_sys_operations为“TRUE”,开启审计的功能
> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
4)修改参数audit_trail为“db”,审计信息记录到数据库中
> alter system set audit_trail=db scope=spfile;
System altered.
5)注意,到这里如果需要使这些参数生效,必须重新启动一下数据库
> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
> startup;
ORACLE instance started.
Total System Global Area 1073741824 bytes
Fixed Size 2078264 bytes
Variable Size 293603784 bytes
Database Buffers 771751936 bytes
Redo Buffers 6307840 bytes
Database mounted.
Database opened.
6)验证一些参数修改后的结果,这里显示已经修改完成
> show parameter audit;
NAME TYPE VALUE
--------------------- -------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
2.开启了审计功能后,这里有一个有趣的效果,就是所有sysdba权限下的操作都会被记录到这个/oracle/app/oracle/admin/ora10g/adump审计目录下。这也是为什么开启了审计功能后会存在一些开销和风险。
1)假如我们在sysdba权限用户下执行下面三条命令
> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
Session altered.
> select * From dual;
D
-
X
> show parameter spfile
NAME TYPE VALUE
------ ------ ------------------------------------------------------------
spfile string /oracle/app/oracle/product/10.2.0/db_1/dbs/spfileora10g.ora
2)使用tail命令可以看到在相应的trace文件中有如下的详细记录信息,有点意思的发现,可以看到“show parameter spfile”命令背后真正执行了什么样的SQL语句
Wed Aug 26 20:04:03 2009
ACTION : 'alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss''
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:03 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'select * From dual'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:07:21 2009
ACTION : 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('%spfile%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
3.演示一下对sec用户的t_audit表delete操作的审计效果
1)表t_audit信息如下
> select * from t_audit order by 1;
X
----------
1
2
3
4
5
6
6 rows selected.
2)这里仅仅开启对表t_audit的delete操作的审计
> audit delete on t_audit;
Audit succeeded.
3)查看审计设置可以通过查询dba_obj_audit_opts视图来完成
> select OWNER,OBJECT_NAME,OBJECT_TYPE,DEL,INS,SEL,UPD from dba_obj_audit_opts;
OWNER OBJECT_NAME OBJECT_TYPE DEL INS SEL UPD
------ ------------ ------------ --------- --------- --------- ---------
SEC T_AUDIT TABLE S/S -/- -/- -/-
4)尝试插入数据
> insert into t_audit values (7);
1 row created.
5)因为我们没有对insert语句进行审计,所以没有审计信息可以得到
> select count(*) from dba_audit_trail;
COUNT(*)
----------
0
6)再尝试delete操作
> delete from t_audit where x=1;
1 row deleted.
7)不出所料,delete操作被数据库捕获
这里可以通过查询dba_audit_trail视图或者sys.aud$视图得到详细的审计信息,这种审计方法可以得到操作的时间,操作用户等较粗的信息(相对后面介绍的细粒度审计来说)
> select count(*) from dba_audit_trail;
COUNT(*)
----------
1
select * from dba_audit_trail;
select * from sys.aud$;
4.如想要取消对表t_audit的全部审计,需要使用手工方式来完成
> noaudit all on t_audit;
Noaudit succeeded.
通过查询dba_obj_audit_opts视图,确认确实已经取消的审计
> select * from dba_obj_audit_opts;
no rows selected
5.【FGA】【细粒度审计】上面得到的审计信息是较粗的,我们进一步演示一下“细粒度审计FGA”的效果:可以通过FGA得到操作的SQL语句级别的信息
1)细粒度审计t_audit表上的增删改查的一切操作
> conn / as sysdba
Connected.
> exec dbms_fga.add_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit',statement_types => 'INSERT, UPDATE, DELETE, SELECT');
PL/SQL procedure successfully completed.
2)对t_audit表增删改查操作一番
> conn sec/sec
Connected.
> select * from t_audit;
X
----------
2
3
4
5
6
7
6 rows selected.
> delete from t_audit where x=5;
1 row deleted.
> update t_audit set x=8 where x=7;
1 row updated.
> insert into t_audit values (1);
1 row created.
> commit;
Commit complete.
3)OK,查看dba_fga_audit_trail视图得到了4条审计记录
> select count(*) from dba_fga_audit_trail;
COUNT(*)
----------
4
4)详细查看一下对应的SQL操作,FGA还是很强悍的
> col DB_USER for a10
> col SQL_TEXT for a50
> select db_user,sql_text from dba_fga_audit_trail;
DB_USER SQL_TEXT
---------- --------------------------------------------------
SEC select * from t_audit
SEC delete from t_audit where x=5
SEC update t_audit set x=8 where x=7
SEC insert into t_audit values (1)
5)最后再看一下这个dba_fga_audit_trail视图的结构,可以看到这个视图中记录了非常详尽的审计信息列
> desc dba_fga_audit_trail
Name Null? Type
------------------- -------- ----------------------------
SESSION_ID NOT NULL NUMBER
TIMESTAMP DATE
DB_USER VARCHAR2(30)
OS_USER VARCHAR2(255)
USERHOST VARCHAR2(128)
CLIENT_ID VARCHAR2(64)
ECONTEXT_ID VARCHAR2(64)
EXT_NAME VARCHAR2(4000)
OBJECT_SCHEMA VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
POLICY_NAME VARCHAR2(30)
SCN NUMBER
SQL_TEXT NVARCHAR2(2000)
SQL_BIND NVARCHAR2(2000)
COMMENT$TEXT VARCHAR2(4000)
STATEMENT_TYPE VARCHAR2(7)
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE
PROXY_SESSIONID NUMBER
GLOBAL_UID VARCHAR2(32)
INSTANCE_NUMBER NUMBER
OS_PROCESS VARCHAR2(16)
TRANSACTIONID RAW(8)
STATEMENTID NUMBER
ENTRYID NUMBER
6)针对上面添加的审计策略进行调整:disable_policy、enable_policy和drop_policy的方法
使策略失效的方法:
> exec dbms_fga.disable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
使策略生效的方法:
> exec dbms_fga.enable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
彻底删除策略的方法:
> exec dbms_fga.drop_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
PL/SQL procedure successfully completed.
最后列一下dbms_fga提供给我们使用的方法都有哪些
> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT
1.使用审计,需要先激活审计功能
1)查看系统中默认的与审计相关的参数设置
> conn / as sysdba
Connected.
> show parameter audit
NAME TYPE VALUE
--------------------- --------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
2)对上面所列的参数进行一下解释
(1)AUDIT_FILE_DEST = 路径
指示出审计的文件存放的路径信息,我们这里显示的是“/oracle/app/oracle/admin/ora10g/adump”
不管打开还是不打开审计功能,这个目录项都会记录以sysdba身份的每次登录信息,有兴趣的朋友可以到这个目录中查看一下。
例如:
$ cat ora_9915.aud
Audit file /oracle/app/oracle/admin/ora10g/adump/ora_9915.aud
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engine options
ORACLE_HOME = /oracle/app/oracle/product/10.2.0/db_1
System name: Linux
Node name: testdb183
Release: 2.6.18-128.el5
Version: #1 SMP Wed Dec 17 11:41:38 EST 2008
Machine: x86_64
Instance name: ora10g
Redo thread mounted by this instance: 1
Oracle process number: 13
Unix process pid: 9915, image: (TNS V1-V3)
Wed Aug 26 19:24:11 2009
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/1
STATUS: 0
(2)audit_sys_operations
默认值是FALSE,如果开启审计功能,这个参数需要修改为TRUE。
(3)audit_syslog_level
语句:指定审计语句或特定类型的语句组,象审计表的语句 CREATE TABLE, TRUNCATE TABLE, COMMENT ON TABLE, and DELETE [FROM] TABLE
权限:使用审计语句指定系统权限,象AUDIT CREATE ANY TRIGGER
对象:在指定对象上指定审计语句,象ALTER TABLE on the emp table
(4)AUDIT_TRAIL = NONE|DB|OS
DB--审计信息记录到数据库中
OS--审计信息记录到操作系统文件中
NONE--关闭审计(默认值)
3)修改参数audit_sys_operations为“TRUE”,开启审计的功能
> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
4)修改参数audit_trail为“db”,审计信息记录到数据库中
> alter system set audit_trail=db scope=spfile;
System altered.
5)注意,到这里如果需要使这些参数生效,必须重新启动一下数据库
> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
> startup;
ORACLE instance started.
Total System Global Area 1073741824 bytes
Fixed Size 2078264 bytes
Variable Size 293603784 bytes
Database Buffers 771751936 bytes
Redo Buffers 6307840 bytes
Database mounted.
Database opened.
6)验证一些参数修改后的结果,这里显示已经修改完成
> show parameter audit;
NAME TYPE VALUE
--------------------- -------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
2.开启了审计功能后,这里有一个有趣的效果,就是所有sysdba权限下的操作都会被记录到这个/oracle/app/oracle/admin/ora10g/adump审计目录下。这也是为什么开启了审计功能后会存在一些开销和风险。
1)假如我们在sysdba权限用户下执行下面三条命令
> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
Session altered.
> select * From dual;
D
-
X
> show parameter spfile
NAME TYPE VALUE
------ ------ ------------------------------------------------------------
spfile string /oracle/app/oracle/product/10.2.0/db_1/dbs/spfileora10g.ora
2)使用tail命令可以看到在相应的trace文件中有如下的详细记录信息,有点意思的发现,可以看到“show parameter spfile”命令背后真正执行了什么样的SQL语句
Wed Aug 26 20:04:03 2009
ACTION : 'alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss''
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:03 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'select * From dual'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:07:21 2009
ACTION : 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('%spfile%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
3.演示一下对sec用户的t_audit表delete操作的审计效果
1)表t_audit信息如下
> select * from t_audit order by 1;
X
----------
1
2
3
4
5
6
6 rows selected.
2)这里仅仅开启对表t_audit的delete操作的审计
> audit delete on t_audit;
Audit succeeded.
3)查看审计设置可以通过查询dba_obj_audit_opts视图来完成
> select OWNER,OBJECT_NAME,OBJECT_TYPE,DEL,INS,SEL,UPD from dba_obj_audit_opts;
OWNER OBJECT_NAME OBJECT_TYPE DEL INS SEL UPD
------ ------------ ------------ --------- --------- --------- ---------
SEC T_AUDIT TABLE S/S -/- -/- -/-
4)尝试插入数据
> insert into t_audit values (7);
1 row created.
5)因为我们没有对insert语句进行审计,所以没有审计信息可以得到
> select count(*) from dba_audit_trail;
COUNT(*)
----------
0
6)再尝试delete操作
> delete from t_audit where x=1;
1 row deleted.
7)不出所料,delete操作被数据库捕获
这里可以通过查询dba_audit_trail视图或者sys.aud$视图得到详细的审计信息,这种审计方法可以得到操作的时间,操作用户等较粗的信息(相对后面介绍的细粒度审计来说)
> select count(*) from dba_audit_trail;
COUNT(*)
----------
1
select * from dba_audit_trail;
select * from sys.aud$;
4.如想要取消对表t_audit的全部审计,需要使用手工方式来完成
> noaudit all on t_audit;
Noaudit succeeded.
通过查询dba_obj_audit_opts视图,确认确实已经取消的审计
> select * from dba_obj_audit_opts;
no rows selected
5.【FGA】【细粒度审计】上面得到的审计信息是较粗的,我们进一步演示一下“细粒度审计FGA”的效果:可以通过FGA得到操作的SQL语句级别的信息
1)细粒度审计t_audit表上的增删改查的一切操作
> conn / as sysdba
Connected.
> exec dbms_fga.add_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit',statement_types => 'INSERT, UPDATE, DELETE, SELECT');
PL/SQL procedure successfully completed.
2)对t_audit表增删改查操作一番
> conn sec/sec
Connected.
> select * from t_audit;
X
----------
2
3
4
5
6
7
6 rows selected.
> delete from t_audit where x=5;
1 row deleted.
> update t_audit set x=8 where x=7;
1 row updated.
> insert into t_audit values (1);
1 row created.
> commit;
Commit complete.
3)OK,查看dba_fga_audit_trail视图得到了4条审计记录
> select count(*) from dba_fga_audit_trail;
COUNT(*)
----------
4
4)详细查看一下对应的SQL操作,FGA还是很强悍的
> col DB_USER for a10
> col SQL_TEXT for a50
> select db_user,sql_text from dba_fga_audit_trail;
DB_USER SQL_TEXT
---------- --------------------------------------------------
SEC select * from t_audit
SEC delete from t_audit where x=5
SEC update t_audit set x=8 where x=7
SEC insert into t_audit values (1)
5)最后再看一下这个dba_fga_audit_trail视图的结构,可以看到这个视图中记录了非常详尽的审计信息列
> desc dba_fga_audit_trail
Name Null? Type
------------------- -------- ----------------------------
SESSION_ID NOT NULL NUMBER
TIMESTAMP DATE
DB_USER VARCHAR2(30)
OS_USER VARCHAR2(255)
USERHOST VARCHAR2(128)
CLIENT_ID VARCHAR2(64)
ECONTEXT_ID VARCHAR2(64)
EXT_NAME VARCHAR2(4000)
OBJECT_SCHEMA VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
POLICY_NAME VARCHAR2(30)
SCN NUMBER
SQL_TEXT NVARCHAR2(2000)
SQL_BIND NVARCHAR2(2000)
COMMENT$TEXT VARCHAR2(4000)
STATEMENT_TYPE VARCHAR2(7)
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE
PROXY_SESSIONID NUMBER
GLOBAL_UID VARCHAR2(32)
INSTANCE_NUMBER NUMBER
OS_PROCESS VARCHAR2(16)
TRANSACTIONID RAW(8)
STATEMENTID NUMBER
ENTRYID NUMBER
6)针对上面添加的审计策略进行调整:disable_policy、enable_policy和drop_policy的方法
使策略失效的方法:
> exec dbms_fga.disable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
使策略生效的方法:
> exec dbms_fga.enable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
彻底删除策略的方法:
> exec dbms_fga.drop_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
PL/SQL procedure successfully completed.
最后列一下dbms_fga提供给我们使用的方法都有哪些
> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT
