Configuring unified auditing for Oracle Database - Amazon Relational Database Service

Configuring unified auditing for Oracle Database

When you configure unified auditing for use with database activity streams, the following situations are possible:

  • Unified auditing isn't configured for your Oracle database.

    In this case, create new policies with the CREATE AUDIT POLICY command, and then enable them with the AUDIT POLICY command. The following example creates and enables a policy to monitor users with specific privileges and roles.

    CREATE AUDIT POLICY table_pol PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE ROLES emp_admin, sales_admin; AUDIT POLICY table_pol;

    For complete instructions, see Configuring Audit Policies in the Oracle Database documentation.

  • Unified auditing is configured for your Oracle database.

    When you enable a database activity stream, RDS for Oracle automatically clears existing audit data. It also revokes audit trail privileges. RDS for Oracle can no longer do the following:

    • Purge unified audit trail records.

    • Add, delete, or modify the unified audit policy.

    • Update the last archived time stamp.

    Important

    We strongly recommend that you back up your audit data before enabling a database activity stream.

    For a description of the UNIFIED_AUDIT_TRAIL view, see UNIFIED_AUDIT_TRAIL. If you have an account with Oracle Support, see How To Purge The UNIFIED AUDIT TRAIL.