Databases Reference
In-Depth Information
Oracle database—for example, when you perform the necessary maintenance step of
backing up the data?
Lost backup tapes are always a possibility, and backup tapes can be stolen. Secure Back‐
up, first released between Oracle Database 10
g
Release 2 and Oracle Database 11
g
, au‐
tomatically encrypts your backup data. The data can be decrypted only by the source
database, so even if a backup tape is lost or stolen, the recipient will not be able to see
your data.
Auditing
The Oracle Database gives you the ability to restrict unauthorized access to your valuable
data. However, your security is only as good as your implementation, and people do
make mistakes. In addition, you may want to understand what type of activities—
legitimate or not—are taking place with your data. The ability to audit database activity
can address both of these issues.
Oracle's audit capabilities let you track actions at the statement level, privilege level, or
schema object level for the entire database or particular users. Auditing can also gather
data about database activities for planning and tuning purposes. Auditing of connec‐
tions with administrative privileges to an instance and audit records recording database
startup and shutdown occur by default.
You can also audit sessions at the user level, which captures some basic but extremely
useful statistics such as the number of logical I/Os, the number of physical I/Os, and
the total time logged on. As noted in the previous chapter, gathering performance sta‐
tistics is low in terms of collection overhead, and Oracle Database 10
g
and later releases
automatically gather statistics in populating the Automatic Workload Repository
(AWR).
Audit records always contain the following information:
• Username
• Session identifier
• Terminal identifier
• Name of schema object accessed
• Operation performed or attempted
• Completion code of the operation
• Date and timestamp
The records may be stored in a data dictionary table (AUD$ in the SYS schema), which
is also called the database audit trail, or in an operating system audit trail.
