Home » RDBMS Server » Security » dbms_fga and join syntax (10g)
dbms_fga and join syntax [message #336687] Mon, 28 July 2008 12:46 Go to next message
hoelle
Messages: 2
Registered: July 2008
Junior Member
Hi all!

I've a strange problem with dbms_fga. I have set up dmbs_fga for two tables with
begin 
  dbms_fga.add_policy 
  ( object_schema=>'MYSCHEMA'
  , object_name=>'TABx' 
  , policy_name=>'SELECT_TABx'
  , handler_schema => 'MYSCHEMA'
  , handler_module => 'AUDIT_SELECT'
  , statement_types => 'SELECT' 
  );
end;

Then handler module is a little stored procedure to write to an audit_trail table whenever a select to those tables occurs (Found here http://technology.amis.nl/blog/?p=810).

It's working fine with queries like
select * from tabx;

Even queries like
select * from tabx, taby where tabx.a=tabx.b;

do get logged in the expected way. But when using the join syntax
select * from tabx join taby on tabx.a=tabx.b;
nothing happens, no entry in dba_fga_audit_trail. Is there an explanation/workaround to this?

Any hints are highly appreciated.

Thank you,
Frank
Re: dbms_fga and join syntax [message #336894 is a reply to message #336687] Tue, 29 July 2008 05:24 Go to previous messageGo to next message
hoelle
Messages: 2
Registered: July 2008
Junior Member
Hi all!

This is a known bug in 10g. A workaround is to specify
audit_condition=>'1=1'
in the policy. But when using this and then 'audit_column' condition false positives can occur.

Cheers,
Frank
Re: dbms_fga and join syntax [message #336900 is a reply to message #336894] Tue, 29 July 2008 05:31 Go to previous message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
Many thanks for your feedback.

Regards
Michel
Previous Topic: To active auditing and check
Next Topic: Import Fails with error missing or invalid privilege
Goto Forum:
  


Current Time: Thu Mar 28 13:07:55 CDT 2024