Audit Admin and Audit Viewer from Oracle 12c

Oracle auditing could be categorized into two essential classes which are standard auditing and FAG. Standard auditing delivers the capability to perform an audit based on the user, statements, privileges, and also schema objects. On the other hand, FGA offers the capability to exact application table columns tentatively based on the aspects like program name or maybe IP address used to get the connection to the database itself. “The Oracle database can write audit records to a database table or an operating system file (oracle.com, 2010).”

To facilitate a better result, Oracle 12c recently has launched two default roles as mentioned below.

1.      Audit Admin

Audit Admin is a role that allows us to arrange the auditing and administer both unified audit policies, and also fine-grained audit policies. In addition to this, this role also enables us to outlook and investigate the audit data. Usually, this role is granted to security administrators.

2.      Audit Viewer

Audit Viewer is a role that allows us to only sight and audit the data. Usually, this role is granted to the internal or external auditors.

Auditing is typically used to perform some activities such as allowing the accountability of user, discouraging incongruous actions of the user, and also analyzing for any suspicious activity as well. In other words, auditing is really useful for numbers of reasons as mentioned below (docs.oracle.com, n.d.).

·         Allow accountability intended for actions, which include some actions reserved by a specific schema, row, table, or impacting any particular content.

·         Discourage the user from incorrect actions by using that accountability as the foundation.

·         Analyze any suspicious action. An example for this, if any user is removing data from tables, then a security administrator may finally decide to audit the entire links to the database, along with both successful and unsuccessful rows deletion of the whole tables clipped in the database.

·         Identify the issues with an authorization or an entrance control application. An example of this is, you would able to make your expected audit policies that never produce any audit record since the data is secured in different methods. But, if some audit records produced by those policies, then you will notice that the different security controls are not applied properly.

 and  which introduced by Oracle 12c are created to manage and observe the settings of audit correspondingly. The SQL statements below grant both roles above to the Auditman and Auditviewer users:

·         grant audit_admin to auditman

·         grant audit_viewer to auditviewer

Once we have executed the two statements above, the  user would able to manage the settings of audit and also the audit trails as well. On the other hand, the user would only able to view the audit trails, and unable to manage or modify them. This enables for divided tasks in which one advantaged user (typically comes from individual who belongs to the security team) arrays up all the things that must be edited. However, a report mentioned that “the multiple reviewers would able to analyze these trails without any risk of contaminating them (Nanda, 2015).”