6.261 UNIFIED_AUDIT_TRAIL
Note:
This view is populated only in an Oracle Database where unified auditing is enabled.
-
See Oracle Database Security Guide for more information about unified auditing.
-
See Oracle Database Upgrade Guide for more information about migrating to unified auditing.
| Column | Datatype | NULL | Description |
|---|---|---|---|
|
|
|
|
Type of auditing:
|
|
|
|
|
Audit session identifier |
|
|
|
|
Audit session identifier of proxying session |
|
|
|
|
Name of the operating system user for the database session |
|
|
|
|
Name of the host machine from which the session was spawned |
|
|
|
|
The operating system terminal of the user session |
|
|
|
|
Instance number as specified in the initialization parameter file, init.ora |
|
|
|
|
Database identifier of the audited database |
|
|
|
|
Type of authentication for the session user |
|
|
|
|
Database user name of the user whose actions were audited |
|
|
|
|
Proxying user name, in the case of proxy authentication |
|
|
|
|
External user name, in the case of network or external authentication |
|
|
|
|
Global user identifier for the user, for a user logged in as an enterprise user |
|
|
|
|
Name of the program used for the database session |
|
|
|
|
Value of |
|
|
|
|
Name of the Real Application Security user |
|
|
|
|
Identifer of the Real Application Security session |
|
|
|
|
Numeric ID for each audit trail entry in the session |
|
|
|
|
Numeric ID for each statement run (a statement may cause many actions) |
|
|
|
|
Timestamp of the creation of the audit trail entry in the local time zone |
|
|
|
Timestamp of the creation of the audit trail entry in UTC (Coordinated Universal Time) |
|
|
|
|
|
Name of the action executed by the user. The name should be read in conjunction with the |
|
|
|
|
Oracle error code generated by the action. Zero if the action succeeded |
|
|
|
|
Operating system process identifier of the Oracle database process |
|
|
|
|
Transaction identifier of the transaction in which the object is modified |
|
|
|
|
System change number (SCN) of the query at the time of the event |
|
|
|
|
Execution context identifier for each action |
|
|
|
|
Schema name of object affected by the action |
|
|
|
|
Name of the object affected by the action |
|
|
|
|
SQL associated with the event |
|
|
|
|
List of bind variables, if any, associated with |
|
|
|
|
Semicolon-seperated list of Application Context Namespace, Attribute, Value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=<value>) format |
|
|
|
|
Client identifier in each Oracle session |
|
|
|
|
The schema of the object named in the NEW_NAME column |
|
|
|
|
New name of object after RENAME, or name of underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name) |
|
|
|
|
Name of the edition containing the audited object |
|
|
|
|
Comma-separated list of system privileges used to execute the action |
|
|
|
|
System privilege granted/revoked by a GRANT/REVOKE statement |
|
|
|
|
AUDIT/NOAUDIT SQL command |
|
|
|
|
Object privileges granted/revoked by a GRANT/REVOKE statement |
|
|
|
|
Roles granted or revoked or set by GRANT/REVOKE/SET ROLE command |
|
|
|
|
User on whom the GRANT/REVOKE/AUDIT/NOAUDIT statement was executed |
|
|
|
|
User who was excluded when the AUDIT/NOAUDIT statement was executed |
|
|
|
|
Displays the schema of the excluded objects |
|
|
|
|
Displays object excluded from the action |
|
|
|
|
Effective user for the statement execution |
|
|
|
|
Text comment on the audit trail entry, if any |
|
|
|
|
Lists the audit policies that caused the current audit record. For example, if If more than one policy was configured, the list of policies that caused the event to be recorded in the audit trail are displayed in a comma-separated list. |
|
|
|
|
Fine-grained auditing (FGA) policy name that generated this FGA audit record |
|
|
|
|
Inactivity timeout of the Real Application Security session |
|
|
|
|
Type of the Real Application Security entity. Possible values are |
|
|
|
|
Target principal name in Real Application Security operations. Possible operations are set verifier, set password, add proxy, remove proxy, switch user, assign user, create session,and grant roles. |
|
|
|
|
Name of the Real Application Security proxy user |
|
|
|
|
Name of the Real Application Security data security policy enabled or disabled |
|
|
|
|
Name of the schema in enable, disable data security policy and global callback operation |
|
|
|
|
Real Application Security global callback event type |
|
|
|
|
Real Application Security callback package name for the global callback |
|
|
|
|
Real Application Security callback procedure name for the global callback |
|
|
|
|
The role that is enabled |
|
|
|
|
Real Application Security session cookie |
|
|
|
|
Name of the Real Application Security session namespace |
|
|
|
|
Name of the Real Application Security session namespace attribute |
|
|
|
|
The old value of the Real Application Security session namespace attribute |
|
|
|
|
The new value of the Real Application Security session namespace |
|
|
|
|
Numeric action type code for Database Vault |
|
|
|
|
Name of the action whose numeric code appears in the |
|
|
|
|
Numeric action type code for Database Vault administration |
|
|
|
|
Name of the user whose Database Vault authorization was modified |
|
|
|
|
Database Vault specific error code |
|
|
|
|
The unique name of the Database Vault object that was modified |
|
|
|
|
The unique name of the rule set that was executing and caused the audit event to trigger |
|
|
|
|
Text comment on the audit trail entry, providing more information about the statement audited |
|
|
|
|
An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered |
|
|
|
|
Indicates whether a particular Database Vault object is enabled or disabled. For example, if a Database Vault administrator enables or disables a realm, then this event will be audited and the
|
|
|
|
|
Name of the Oracle Label Security (OLS) policy for which this audit record is generated |
|
|
|
|
Name of the user whose OLS authorization was modified |
|
|
|
|
Maximum read label assigned to a user |
|
|
|
|
Maximum write label assigned to a user |
|
|
|
|
Minimum write label assigned to a user |
|
|
|
|
OLS privileges assigned to a user or a trusted stored procedure |
|
|
|
|
Name of the trusted stored procedure whose authorization was modified or was executed |
|
|
|
|
OLS privileges used for an event |
|
|
|
|
String representation of the OLS label |
|
|
|
|
Type of the OLS label component |
|
|
|
|
Name of the OLS label component |
|
|
|
|
Name of the parent of the OLS group |
|
|
|
|
Old value for OLS ALTER events |
|
|
|
|
New value for OLS ALTER events |
|
|
|
|
RMAN session identifier. Together with |
|
|
|
|
Timestamp for the session |
|
|
|
|
The RMAN operation executed by the job. One row will be added for each distinct operation within an RMAN session. For example, a backup job would contain |
|
|
|
|
Type of objects involved for backup or restore/recover or change/delete/crosscheck commands. It contains one of the following values. If RMAN command does not satisfy one of them, then preference is given in order, from top to bottom of the list:
|
|
|
|
|
Device involved in the RMAN job. It may be For a backup job, it will be the output device type. For other commands (such as restore or crosscheck), it will be the input device type. |
|
|
|
|
Parameters during a Data Pump operation that have a text/string value. This may contain the values for:
For descriptions and more information about the settings that can appear for these Data Pump text parameters, see Table 6-2. |
|
|
|
|
Parameters during a Data Pump operation that have a boolean value. This may contain the values for:
|
|
|
|
|
Shows the number of columns that were loaded using the SQL*Loader direct path load method |
|
|
|
|
Stores virtual private database (VPD) policy names and predicates separated by delimiter. To format the output into individual rows, use the |
|
|
|
|
The connecting user name The value in this column is meaningful only when the |
|
|
|
|
The target database service name The value in this column is meaningful only when the |
|
|
|
|
The source location of the initiating connection The value in this column is meaningful only when the |
Footnote 1 This column is available starting with Oracle Database release 19c, version 19.1.
Table 6-2 Data Pump Text Parameter Descriptions
| Parameter | Description |
|---|---|
|
|
The method used to load the data. Settings can be:
|
|
|
Indicates how certain types of data were handled during import operations. Settings are in bit-mask format, which are as follows:
|
|
|
Not in use |
|
|
Is either |
|
|
Specifies the version of database objects that were imported |
|
|
Indicates the name of the master table. By default, it appears as follows for export operations: schema_name.SYS_EXPORT_TABLE_n For import operations, it appears as follows: schema_name.SYS_IMPORT_TABLE_n The |
|
|
Type of export or import operation. For example a table export would be |
|
|
Indicates how table partitions were created during an import operation. Settings can be:
|
|
|
Indicates that the export was performed from a (source) database identified by a valid database link. The data from the source database instance was written to a dump file set on the connected database instance. |
|
|
Indicates the action that was taken on an import operation when the target table already existed. The values are as follows:
|
See Also:
-
Oracle Database PL/SQL Packages and Types Reference for more information about the
DBMS_AUDIT_MGMTpackage -
Oracle Database PL/SQL Packages and Types Reference for more information about the
DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_UNIfunction