9.136 V$XML_AUDIT_TRAIL

V$XML_AUDIT_TRAIL shows standard, fine-grained, SYS, and mandatory audit records written in XML format files.

Note:

This view is populated only in an Oracle Database where unified auditing is not enabled. When unified auditing is enabled in Oracle Database, the audit records are populated in the new audit trail and can be viewed from UNIFIED_AUDIT_TRAIL.

Column Datatype Description

AUDIT_TYPE

NUMBER

Type of audit row:

  • 1 = Standard XML Audit

  • 2 = Fine Grained XML Audit

  • 4 = SYS XML Audit

  • 8 = Mandatory XML Audit

SESSION_ID

NUMBER

Numeric ID for the Oracle session

PROXY_SESSIONID

NUMBER

Proxy session serial number, if an enterprise user has logged in through a proxy mechanism

STATEMENTID

NUMBER

Numeric ID for the statement run (a statement may cause multiple audit records)

ENTRYID

NUMBER

Numeric ID for the audit trail entry in the session

EXTENDED_TIMESTAMP

TIMESTAMP(6) WITH TIME ZONE

Timestamp of the audited operation (the timestamp of the user's logon for entries is created by AUDIT SESSION)

GLOBAL_UID

VARCHAR2(32)

Global user identifier for the user, if the user has logged in as an enterprise user

DB_USER

VARCHAR2(128)

Database username of the user whose actions were audited

CLIENTIDENTIFIER

VARCHAR2(64)

Client identifier in the Oracle session

EXT_NAME

VARCHAR2(1024)

User's external name

OS_USER

VARCHAR2(128)

Operating system logon user name of the user whose actions were audited

OS_HOST

VARCHAR2(128)

Client host system name

OS_PROCESS

VARCHAR2(16)

Operating system process identifier of the Oracle server process

TERMINAL

VARCHAR2(30)

Identifier for the user's terminal

INSTANCE_NUMBER

NUMBER

Instance number as specified by the INSTANCE_NUMBER initialization parameter

OBJECT_SCHEMA

VARCHAR2(128)

Owner of the audited object

OBJECT_NAME

VARCHAR2(128)

Name of the object affected by the action

POLICY_NAME

VARCHAR2(128)

Name of the fine-grained auditing policy

NEW_OWNER

VARCHAR2(128)

Owner of the object named in the NEW_NAME column

NEW_NAME

VARCHAR2(128)

New name of object after renaming, or the name of an underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name)

ACTION

NUMBER

Numeric code for the action type

STATEMENT_TYPE

NUMBER

Description of the action

TRANSACTIONID

RAW(8)

Identifier of the transaction in which the object is accessed or modified

RETURNCODE

NUMBER

Oracle error code generated by the action. Zero if the action succeeded.

SCN

NUMBER

System change number (SCN) of the query

COMMENT_TEXT

VARCHAR2(4000)

Text comments on standard audit entries. Also indicates how the user was authenticated - the method can be one of the following:

  • DATABASE - authentication was done by password

  • NETWORK - authentication was done by Oracle Net Services or the Advanced Networking Option

  • PROXY - the client was authenticated by another user. The name of the proxy user follows the method type.

AUTH_PRIVILEGES

VARCHAR2(32)

Privileges granted and revoked in GRANT and REVOKE statements recorded for standard audit trail entry

GRANTEE

VARCHAR2(128)

User who granted or revoked the privilege

PRIV_USED

NUMBER

Numerical code of privileges, if any, used in the action

SES_ACTIONS

VARCHAR2(16)

Session summary for standard audit records. A string of 12 characters, one for each action type, in the following order: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback.

Values: - = None, S=Success, F=Failure, B=Both

OS_PRIVILEGE

VARCHAR2(7)

This column is populated only for administrative authentication audit records. It contains the administrative privilege used (for example, SYSDBA, SYSOPER, NONE).

For all other types of audit records, the value of this column is null.

ECONTEXT_ID

VARCHAR2(64)

Application execution context identifier

SQL_BIND

VARCHAR2(4000)

List of bind variables used in the statement

SQL_TEXT

VARCHAR2(4000)

The statement or command that triggered the audit event

OBJ_EDITION_NAME

VARCHAR2(128)

Name of the edition containing the audited object

DBID

NUMBER

Database identifier of the audited database

RLS_INFO

VARCHAR2(4000)

Stores virtual private database (VPD) policy names and predicates separated by delimiter.

To format the output into individual rows, use the DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_XML function.

CURRENT_USER

VARCHAR2(128)

Effective user for the statement execution

CON_ID

NUMBER

The ID of the container to which the data pertains. Possible values include:

  • 0: This value is used for rows containing data that pertain to the entire CDB. This value is also used for rows in non-CDBs.

  • 1: This value is used for rows containing data that pertain to only the root

  • n: Where n is the applicable container ID for the rows containing data

Note:

The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to xml, extended or if the AUDIT_SYS_OPERATIONS initialization parameter is set to TRUE.

See Also: