About Auditing Autonomous Database

Autonomous Database provides auditing to track, monitor, and record database actions. Auditing can help you detect security risks and improve regulatory compliance for your database.

Audit Features on Autonomous Database

Autonomous Database includes extensive, sophisticated audit capabilities that allow you to capture the audit information you need for your organization. Autonomous Database provides default auditing.

In addition, you can use either of the following to apply auditing policies:

You can configure auditing to accomplish the following:

  • Enable accountability for actions. These include actions taken in a particular schema, table, or row, or affecting specific content.

  • Deter users, or others, such as intruders, from inappropriate actions based on their accountability.

  • Investigate suspicious activity. For example, if a user is logging into the database using the application's database credentials, then auditing connections to the database lets you determine that the login came from a user's workstation instead of from the application server.

  • Notify an auditor of the actions of an unauthorized user. For example, notify an auditor when an unauthorized user attempts to delete data from a table.

  • Monitor and gather data about specific database activities. For example, you can gather statistics about which tables are being updated, the number of failed logins, or how many concurrent users connect at peak times.

  • Detect problems with an authorization or access control implementation. For example, you can create audit policies that you expect will never generate an audit record because the data is protected in other ways. However, if these policies generate audit records, then you will know the other security controls are not properly implemented.

  • Address auditing requirements for compliance. Regulations such as the following have common auditing-related requirements:

    • European Union General Data Protection Regulation (GDPR)

    • Sarbanes-Oxley Act

    • Health Insurance Portability and Accountability Act (HIPAA)

    • International Convergence of Capital Measurement and Capital Standards: a Revised Framework (Basel II)

    • Japan Privacy Law

    • European Union Directive on Privacy and Electronic Communications

Audit Data on Autonomous Database

Autonomous Database protects audit data and writes its audit trail to the UNIFIED_AUDIT_TRAIL data dictionary view.

The underlying table storing audit data on Autonomous Database is AUDSYS.AUD$UNIFIED. This table is protected and does not allow users to perform DML/DDL operations or to purge the table (any attempt to perform these actions automatically produces an audit record). After an audit record is written, the only activity allowed is for the ADMIN user to perform a PURGE. The ADMIN user has the AUDIT_ADMIN role that is required to run a PURGE. If you assign the AUDIT_ADMIN role to another user, then that user can also perform a PURGE.

Depending on the number and type of audit policies you use and the amount of activity, over time the audit trail can grow to use a large amount of storage. Autonomous Database provides the following ways to limit the storage required for audit data:

  • Each Autonomous Database instance runs an automated purge job once a day to remove all audit records older than fourteen (14) days.

  • Users with the AUDIT_ADMIN role can purge audit records manually using the DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL procedure. See DBMS_AUDIT_MGMT for more information.

If you need a longer audit data retention period than 14 days, use Oracle Data Safe to retain audit data. See Extend Audit Record Retention with Oracle Data Safe for more information.
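The following added example (not part of the original documentation) sketches the access-control check described earlier: a policy that should never produce a record, with its hits read from UNIFIED_AUDIT_TRAIL inside the 14-day window before the automated purge. The table HR_APP.PAYROLL, the account PAYROLL_SVC, and the policy name are hypothetical.

```sql
-- Added example: all schema, table, account and policy names are hypothetical.
-- Run as ADMIN or as another user that holds the AUDIT_ADMIN role.

-- 1. Canary policy on a table that only one service account should touch.
--    Each object action takes its own ON clause.
CREATE AUDIT POLICY canary_payroll_access
  ACTIONS SELECT ON hr_app.payroll,
          INSERT ON hr_app.payroll,
          UPDATE ON hr_app.payroll,
          DELETE ON hr_app.payroll;

-- 2. Enable the policy for every user except the permitted account.
--    With no WHENEVER clause, successful and failed statements are both audited.
AUDIT POLICY canary_payroll_access EXCEPT payroll_svc;

-- 3. Review hits. Any row here means some other control (grants, roles,
--    application routing) let a session reach the table unexpectedly.
--    Records older than 14 days are removed by the daily purge job, so
--    run this review on a shorter schedule than that.
SELECT event_timestamp,
       dbusername,
       os_username,
       userhost,
       client_program_name,
       action_name,
       return_code,          -- 0 = statement succeeded
       sql_text
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%CANARY_PAYROLL_ACCESS%'
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '14' DAY
ORDER  BY event_timestamp DESC;

-- 4. Summarize by account and client host to see where the access came from.
SELECT dbusername,
       userhost,
       COUNT(*)             AS hits,
       MAX(event_timestamp) AS last_seen
FROM   unified_audit_trail
WHERE  unified_audit_policies LIKE '%CANARY_PAYROLL_ACCESS%'
GROUP  BY dbusername, userhost
ORDER  BY hits DESC;
```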

Default Audit Policies on Autonomous Database

Autonomous Database provides auditing to track, monitor, and record activities on your database.

By default, Autonomous Database applies audit policies to audit the following database activities:

  • All activity by Oracle Cloud Operations

  • All login failures to the database

  • All password changes

  • Attempts to create or alter procedures

  • Execution of certain procedures, including procedures in the UTL_HTTP or UTL_SMTP packages that connect to the network

In addition, you can use either of the following to apply additional auditing policies: