Unified Auditing AUDIT_ADMIN and AUDIT_VIEWER Roles Changes

You may need to rename or drop AUDIT_ADMIN and AUDIT_VIEWER roles before upgrading.

In Oracle Database 12c, if you use Unified Auditing, then two AUDSYS roles may exist in your Oracle Database 11g release 2 ( and earlier releases that affect upgrading: AUDIT_ADMIN and AUDIT_VIEWER. Because of changes in these roles, you must drop these earlier release users or user roles before you can upgrade to Oracle Database 12c release 1 (12.1) or later.

If you have created AUDIT_ADMIN and AUDIT_VIEWER users or roles with Oracle Database 12c release 1 (12.1), then you do not need to drop these users or roles.

Only drop the AUDSYS schema and the AUDIT_ADMIN and AUDIT_VIEWER roles if both of the following conditions are true:

  • The version from which you are upgrading is earlier than Oracle Database 12c release 1 (12.1)

  • You have created a custom schema with the name AUDSYS

If you are affected by this requirement, and you cannot drop these AUDSYS roles, then select the UNIFIED_AUDIT_TRAIL view, create your own table, using similar definitions, and use this table to take a backup of the Unified Audit data. Oracle recommends that you carry out this procedure also if you may want to downgrade to your earlier release database.

The Pre-Upgrade Information Tool and DBUA perform a pre-upgrade check to make sure these users or roles do not exist in the database. Oracle recommends that you do not use these names in your databases. If these users or roles exist, then you should rename or drop them as appropriate before upgrading to Oracle Database 12c.

See Also:

Oracle Database Security Guide for information on configuring privilege and role authorization for database security