Database Auditing

Database auditing often involves observing a database to be aware of the actions the database users are taking. Auditing can help with security, for example, to ensure that a user does not change information to which they should not have access. Audit categories make it easier to track changes within the database. You can see system tables that will bring together logged queries, tables, and changes to configuration parameters.

For example, the authentication audit category tracks queries, system tables, and configuration parameters related to security and authentication, such as:

• DROP AUTHENTICATION statement
• GRANT/REVOKE authentication statements
• LDAP Link related configuration parameters

You can also use the authentication audit category for weekly security reports to better understand attempts to gain access to data or to view unauthorized changes.

There are three system tables that can be used to track changes for queries, parameters, and tables as follows:

• LOG_PARAMS
• LOG_QUERIES
• LOG_TABLES

There is also a system table for tracking changes to privileges for users:

• AUDIT_MANAGING_USERS_PRIVILEGES