| |
 |
|
Oracle Tips by Burleson |
Chapter 11 Oracle Fine Grained Auditing
PL/SQL:
Statement ignored
Similarly, if the user decides to call the
procedure instead,
SQL> exec
secuser.set_client_id ('AAA');
BEGIN secuser.set_client_id ('AAA'); END;
*
ERROR at line 1:
ORA-06550: line 1, column 7:
PLS-00201: identifier 'SECUSER.SET_CLIENT_ID' must be
declared
ORA-06550: line 1, column 7:
PL/SQL: Statement ignored
The error message says it all. The user does
not have any execute privileges on the procedure. The only way the
client identifier can be set is by the logon trigger. We have made
sure the client identifier can be set in a secured way.
Securely Setting the
Value
Before concluding our discussion on the client
identifier, the only perplexing thing to mention here is to what its
value should be set. In the previous example, we have used OS user
as a value for the Client Identifier; but the OS user is available
anyway in the Fine Grained Auditing log table, so it probably does
not achieve a whole lot.
Other values
that can be placed here to convey a meaningful client identifier can
be some type of proprietary values. For instance, we can encrypt the
OS Username, Machine Name, Domain Name, LDAP Key or some other
appropriate value and make up a long
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only $39.95 and has an
immediate download of working security scripts:
http://rampant-books.com/book_2003_2_audit.htm
 |
For more details and scripts, see my new book "
Oracle
Tuning: The Definitive Reference", over 900 pages
of BC's favorite tuning tips & scripts.
You can buy it direct from the publisher for 30%-off and get
instant access to the code depot. |
|
