Basic syntax:

CREATE AUDIT POLICY <policy_name> AUDITING <audit_status_clause> <audit_actions> LEVEL <audit_level>
 
Syntax elements:
<policy_name> ::= <identifier>
<audit_status_clause> ::= SUCCESSFUL | UNSUCCESSFUL | ALL
<audit_actions> ::= ACTIONS FOR <user_name>[, <user_name>]
                  | <audit_action_list> [FOR <user_name>[, <user_name>]]
                  | <target_audit_action_list> [FOR <user_name>[, <user_name>]...]
<user_name> ::= <simple_identifier>
<audit_action_list> ::= <audit_action_name>[, <audit_action_name>]...
<target_audit_action_list> ::= <target_audit_action_name>[, <target_audit_action_name>] ON <object_name>[, <object_name>]
<audit_action_name> ::= GRANT PRIVILEGE              | REVOKE PRIVILEGE
                      | GRANT STRUCTURED PRIVILEGE   | REVOKE STRUCTURED PRIVILEGE
                      | GRANT APPLICATION PRIVILEGE  | REVOKE APPLICATION PRIVILEGE
                      | GRANT ROLE                   | REVOKE ROLE
                      | GRANT ANY                    | REVOKE ANY
                      | CREATE USER                  | DROP USER
                      | CREATE ROLE                  | DROP ROLE
                      | ENABLE AUDIT POLICY          | DISABLE AUDIT POLICY
                      | CREATE STRUCTURED PRIVILEGE  | DROP STRUCTURED PRIVILEGE
                      | ALTER STRUCTURED PRIVILEGE   | CONNECT
                      | SYSTEM CONFIGURATION CHANGE  | SET SYSTEM LICENSE
                      | UNSET SYSTEM LICENSE         | ALTER USER
                      | REPOSITORY_ACTIVATE          | DROP TABLE
<target_audit_action_name> ::= INSERT | UPDATE | DELETE | SELECT | EXECUTE
<audit_level> ::= EMERGENCY | ALERT | CRITICAL | WARNING | INFO
<object_name> ::= <table_name> | <view_name> | <procedure_name>
<table_name> ::= [<schema_name>.]<identifier>
<view_name> ::= [<schema_name>.]<identifier>
<procedure_name> ::= [<schema_name>.]<identifier>
<schema_name> ::= <identifier>
 

Description

The CREATE AUDIT POLICY statement creates a new audit policy. This audit policy can then be enabled and will cause the auditing of the specified audit actions to occur.
Only database users having the system privilege AUDIT ADMIN are allowed to create an audit policy.
The specified audit policy name must not match the name of an existing audit policy.
An audit policy defines which audit actions will be audited. Audit policies need to be enabled for auditing to occur.
One audit policy can contain one of the following:

  • non-restricted auditing for n (>=1) users
  • auditing for actions not restricted to objects
  • auditing for actions which are restricted to objects.

For the last two alternatives listed, an optional restriction for user(s) is available.

The <audit_status_clause> defines if successful, unsuccessful or all executions of the specified audit actions are audited.

The table below contains the available audit actions, organized into groups. Audit actions in the same group can be combined into one audit policy. Audit actions of different groups cannot be combined into the same audit policy.

| Audit Action Name | Group Number | Audit Operation | Comment |
|---|---|---|---|
| GRANT PRIVILEGE | 1 | granting of privileges to users or roles | |
| REVOKE PRIVILEGE | 1 | revoking of privileges from users or roles | |
| GRANT STRUCTURED PRIVILEGE | 1 | granting of structured/analytical privileges to users or roles | |
| REVOKE STRUCTURED PRIVILEGE | 1 | revoking of structured/analytical privileges from users or roles | |
| GRANT APPLICATION PRIVILEGE | 1 | granting of application privileges to users or roles | |
| REVOKE APPLICATION PRIVILEGE | 1 | revoking of application privileges from users or roles | |
| GRANT ROLE | 1 | granting of roles to users or roles | |
| REVOKE ROLE | 1 | revoking of roles from users or roles | |
| GRANT ANY | 1 | granting of privileges, structured privileges or roles to users or roles | |
| REVOKE ANY | 1 | revoking of privileges, structured privileges or roles from users or roles | |
| CREATE USER | 2 | creation of users | |
| DROP USER | 2 | dropping of users | |
| ALTER USER | 2 | altering of users | |
| CREATE ROLE | 2 | creation of roles | |
| DROP ROLE | 2 | dropping of roles | |
| CONNECT | 3 | creation of a user connection to the database | |
| SYSTEM CONFIGURATION CHANGE | 4 | changes to the system configuration (e.g. INIFILE) | |
| ENABLE AUDIT POLICY | 5 | activation of audit policies | |
| DISABLE AUDIT POLICY | 5 | deactivation of audit policies | |
| CREATE STRUCTURED PRIVILEGE | 6 | creation of structured/analytical privileges | |
| DROP STRUCTURED PRIVILEGE | 6 | destruction of structured/analytical privilege | |
| ALTER STRUCTURED PRIVILEGE | 6 | change of structured/analytical privilege | |
| SET SYSTEM LICENSE | 7 | installation of a system license | |
| UNSET SYSTEM LICENSE | 7 | deletion of licenses | |
| DROP TABLE | 7 | deletion of database tables | |
| REPOSITORY ACTIVATE | 7 | activation of repository design time objects | |
| INSERT | 7 | use of insert/replace/upsert statements on tables and views | allows specification of target objects |
| UPDATE | 7 | use of update/replace/upsert statements on tables and views | allows specification of target objects |
| DELETE | 7 | deletion of rows from tables/views and truncation of tables | allows specification of target objects |
| SELECT | 7 | use of select statements on tables and views | allows specification of target objects |
| EXECUTE | 7 | procedure calls | allows specification of target objects |
| ALL | 7 | all actions above | typically used for specific users |

Only objects of type table, view, and procedure can be specified in the <target_audit_action_list>. Synonyms and sequences cannot be selected as objects for audit policies. Furthermore only those <target_audit_action_name>s can be combined with an object. The following table shows an overview of auditable actions on objects.

| Action | Table | View | Procedure |
|---|---|---|---|
| DELETE | YES | YES | --- |
| INSERT | YES | YES | --- |
| SELECT | YES | YES | --- |
| UPDATE | YES | YES | --- |
| EXECUTE | --- | --- | YES |

Each audit policy is assigned to an audit level. The possible levels, in decreasing order of importance, are: EMERGENCY, ALERT, CRITICAL, WARNING, INFO.

To make auditing occur, audit policies have to be created and enabled. Also the configuration parameter global_auditing_state (see below) has to be set to true.

Configuration Parameter

Currently the configuration parameters for auditing are stored in global.ini, in the auditing configuration section. They are the following:

  • global_auditing_state ('true' / 'false'): activates or deactivates auditing globally, no matter how many audit policies are available and enabled. The default is false, meaning no auditing will occur.
  • default_audit_trail_type ('SYSLOGPROTOCOL' / 'CSVTEXTFILE'): specifies how to store the auditing results. SYSLOGPROTOCOL is the default. CSVTEXTFILE should be used only for testing purposes.
  • default_audit_trail_path: specifies where to store the audit file if CSVTEXTFILE has been selected.

As for all configuration parameters, these parameters can be selected in view M_INIFILE_CONTENTS, if the current user has the required privilege to do so. These parameters will only be seen in case they have been explicitly set.

System and Monitoring Views

AUDIT_POLICIES: shows all audit policies and their states
M_INIFILE_CONTENTS: shows the configuration parameters concerning auditing

Only database users with system privilege CATALOG READ, DATA ADMIN or INIFILE ADMIN can view information in the M_INIFILE_CONTENTS view. For other database users this view will be empty.

Example

You create a new audit policy named priv_audit that will audit successful granting and revoking of privileges and roles. The audit policy has the medium audit level CRITICAL.
This policy has to be enabled explicitly for its auditing to occur.

You create a new audit policy named object_audit that will audit the inserts into the existing table MY_SCHEMA.MY_TABLE. This policy has to be enabled explicitly for its auditing to occur. This policy is restricted to user FRED and uses the audit level INFO.
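
The two policies described above, written out as statements together with the global switch they depend on. This is an added example, not part of the original page; the ALTER SYSTEM ALTER CONFIGURATION statement, the SUCCESSFUL status chosen for object_audit, and the column names in the verification queries are assumptions not shown on the page.

```sql
-- Added example; the policy statements follow the grammar on this page.
-- Policy statements require AUDIT ADMIN. Changing global.ini is assumed
-- to be done by a user holding INIFILE ADMIN.

-- 1. Turn auditing on globally. Without this, enabled policies record nothing.
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('auditing configuration', 'global_auditing_state') = 'true'
  WITH RECONFIGURE;

-- 2. priv_audit: successful grants and revokes of privileges and roles.
--    All four actions belong to group 1, so they may share one policy.
CREATE AUDIT POLICY priv_audit
  AUDITING SUCCESSFUL
  GRANT PRIVILEGE, REVOKE PRIVILEGE, GRANT ROLE, REVOKE ROLE
  LEVEL CRITICAL;
ALTER AUDIT POLICY priv_audit ENABLE;

-- 3. object_audit: inserts into MY_SCHEMA.MY_TABLE, restricted to user FRED.
--    The text does not state the status clause; SUCCESSFUL is assumed here.
CREATE AUDIT POLICY object_audit
  AUDITING SUCCESSFUL
  INSERT ON MY_SCHEMA.MY_TABLE FOR FRED
  LEVEL INFO;
ALTER AUDIT POLICY object_audit ENABLE;

-- 4. Verify that both policies exist and are active.
--    Unquoted identifiers are stored in upper case.
SELECT * FROM "PUBLIC"."AUDIT_POLICIES"
 WHERE AUDIT_POLICY_NAME IN ('PRIV_AUDIT', 'OBJECT_AUDIT');

-- 5. Verify the global switch. The row appears only once the parameter
--    has been set explicitly, and only for users allowed to read the view.
SELECT FILE_NAME, SECTION, KEY, VALUE
  FROM M_INIFILE_CONTENTS
 WHERE SECTION = 'auditing configuration';
```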

 
Other examples

-- create audit policy
CREATE AUDIT POLICY policyAdministratePrincipals AUDITING ALL
  CREATE ROLE, DROP ROLE, CREATE USER, DROP USER LEVEL CRITICAL;

-- disable audit policy
ALTER AUDIT POLICY policyAdministratePrincipals DISABLE;

-- enable audit policy
ALTER AUDIT POLICY policyAdministratePrincipals ENABLE;

-- query audit policy
SELECT * FROM "PUBLIC"."AUDIT_POLICIES";
