On May 12, 11:30=A0am, "fitzjarr...@[EMAIL PROTECTED]
" <orat...@[EMAIL PROTECTED]
> wrote:
> On May 12, 9:03=A0am, maxim2k <maxi...@[EMAIL PROTECTED]
> wrote:
>
>
>
>
>
> > On 5/12/08 3:30 PM, fitzjarr...@[EMAIL PROTECTED]
wrote:
>
> > > I can only presume this access is through the schema owner. =A0Is
this=
> > > the ONLY account accessing this users objects?
>
> > Yes, each customer has an Oracle user/schema.
>
> > > Which should not be an issue. =A0My question is this: if there is
only=
> > > ONE user account which =A0can access these user objects what good
does=
> > > having execute privilege on dbms_fga provide? =A0This is used to
provi=
de
> > > Fine-Grained Access (fga) to database objects based upon a user id.
> > > If only ONE user id accesses these objects I can see no purpose in
> > > granting access to this package.
>
> > I think the customer needs to create an audit log of actions performed
> > over database objects. Is there a way to do that without using the
> > dbms_fga package?
>
> > Thanks.
>
> That depends upon what you want to accomplish with this audit trail,
> this may give you some ideas on how to proceed depending upon the
> desired result:
>
> http://oratips-ddf.blogspot.com/2006/05/audit-this.html
>
> David Fitzjarrell- Hide quoted text -
>
> - Show quoted text -
Besides the native audit command and the FGA feature you have the
option of using table row triggers to insert a change row into a
history/audit table whenever a base table row is changed.
Applications can also be written to record change activity.
Which feature or method for capturing change data depends on the
environment, the application, and the data. You might use the audit
command to record DDL actions, row triggers to record detail data
changes to specific tables, and FGA to filter what data users can see
on a query against other tables all within a single database.
HTH -- Mark D Powell --
|
