Auditing objects v17
Object-level auditing allows selective auditing of objects for specific data manipulation language (DML) statements, such as SELECT
, UPDATE
, DELETE
, and INSERT
, on a given table. Object-level auditing also lets you include or exclude specific groups by specifying (@)
or (-)
with the edb_audit_statement
parameter. For more information about DML statements, see Selecting SQL statements to audit.
Use the following syntax to specify an edb_audit_statement
parameter value for SELECT
, UPDATE
, DELETE
, or INSERT
statements:
Example
In this example, edb_audit_connect
and edb_audit_statement
are set with the following non-default values:
The SQL statements invoked by the SELECT
, INSERT
, UPDATE
, and DELETE
commands are audited.
The following is the database session that occurs:
Setting the edb_audit_statement
parameter to 'select@low_security@high_security, insert@high_security-low_security, update-low_security@high_security, delete@low_security-high_security'
for the enterprisedb
user and edb
database allows auditing of SELECT
, INSERT
, UPDATE
or DELETE
statements including (@)
and excluding -
for a group in the audit log file.
For a table in the log file:
select@low_security@high_security
auditsSELECT
statements of thelow_security
andhigh_security
audit groups.insert@high_security-low_security
auditsINSERT
statements ofhigh_security
and excludes the insert statements oflow_security
audit group.update-low_security@high_security
auditsUPDATE
statements ofhigh_security
and excludes the update statements of thelow_security
audit group.delete@low_security-high_security
auditsDELETE
statements oflow_security
and excludes the delete statements ofhigh_security
audit group for a table in the log file.
The resulting audit log file contains the following. (Each audit log entry was split and displays across multiple lines. A blank line was inserted between the audit log entries for visual clarity.)
- On this page
- Example