Wednesday, March 24, 2010

1Z0-052 - Implementing Oracle Database Security


Database Security and Principle of Least PrivilegeWork with Standard Database Auditing
  • What is Standard Auditing? In standard auditing, you audit SQL statements, privileges, schema objects, and network activity. You configure standard auditing by using the AUDIT SQL statement and NOAUDIT to remove this configuration. You can write the audit records to either the database audit trail or to operating system audit files.
  • Who Can Perform Standard Auditing? Any user can configure auditing for the objects in his or her own schema, by using the AUDIT statement. To undo the audit configuration for this object, the user can use the NOAUDIT statement. No additional privileges are needed to perform this task. Users can run AUDIT statements to set auditing options regardless of the AUDIT_TRAIL parameter setting. If auditing has been disabled, the next time it is enabled, Oracle Database will record the auditing activities set by the AUDIT statements.
  • When Are Standard Audit Records Created? When auditing is enabled in the database and an action configured to be audited occurs, Oracle Database generates an audit record during or after the execution phase of the SQL statement. Oracle Database individually audits SQL statements inside PL/SQL program units, as necessary, when the program unit is run.

    The generation and insertion of an audit trail record is independent of a user transaction being committed. That is, even if a user transaction is rolled back, the audit trail record remains committed.

    Statement and privilege audit options in effect at the time a database user connects to the database remain in effect for the duration of the session. When the session is already active, setting or changing statement or privilege audit options does not take effect in that session. The modified statement or privilege audit options take effect only when the current session ends and a new session is created.

    In contrast, changes to schema object audit options become immediately effective for current sessions.


Doug Burns said...


I'm intrigued. Whilst I like the Oracle docs, too, are you planning on posting entire exam cram guides here? It makes OraNA, erm, slightly-less-than-interesting reading.

Maybe you could try a .txt file or something for your notes? ;-)



oraclenerd said...

Mr. Burns,

Unfortunately, I cannot control what goes or doesn't to that feed. It's a catch all.

However, the naming convention is fairly straight-forward which should make it easy to skip over for those not wishing to read.

I am doing this for a couple of reasons.
1. It's my blog and I can do what I want. ;)
2. I'm trying to show that it is in fact possible to study for these certs using nothing but the Oracle documentation (i.e you don't need to spend money on anything but the tests).
3. Have you googled the test name? There is so much crap out there...brain dumps, cheat sheets, etc...that perhaps an alternative method can show up closer to the top of (google) searches. Just maybe one person will decide to do it the "hard" way.
4. Did I mention it was my blog? :)
5. I don't think a text file is quite as pretty as this.

If it really is a problem, well, I don't really know what to say. Eddie runs the feed so ultimately it would be his decision.

Doug Burns said...

As you said - your blog, your call. (OK, I might not be quoting you precisely)

Think of it as some reader feedback and nothing more.

Anonymous said...


I'm about to start to study to get a DBA certification.

I already have installed APEX just for fun sometime ago. My question is: do I need a full Oracle instalation to practice do get a DBA certification or the APEX installation is OK to study for a DBA certification.

Thanks a lot!


oraclenerd said...


Congrats on seeking your DBA cert.

I am no expert when it comes to getting certified (I still haven't taken the tests for the OCP DBA), but I do have an opinion. :)

I would say, no, just using the APEX front end is not enough to gain your DBA certification. Practically, it might be possible. When the rubber meets the road though, I believe having intimate knowledge of how your Oracle database works is essential. APEX will "hide" much of what goes on behind the scenes (if it can, in fact, do much of what Enterprise Manager can do).

That's my 2 cents anyway.

Good luck!


Anonymous said...


Thanks a lot for your advice! I really appreciate it.