17.1 Auditable Actions

Oracle Unified Auditing can capture Oracle Deep Data Security (Deep Sec) configuration and security context lifecycle operations. Create custom audit policies with the actions listed below to track policy administration, role assignments, data grant changes, and end-user security context management.

Configuration actions

Database administrators (DBAs) use the following actions to configure Deep Sec. You can include these actions in a unified audit policy:

• CREATE END USER
• ALTER END USER
• DROP END USER
• CREATE APPLICATION IDENTITY
• DROP APPLICATION IDENTITY
• CREATE DATA ROLE
• DROP DATA ROLE
• GRANT DATA ROLE
• REVOKE DATA ROLE
• CREATE DATA GRANT
• DROP DATA GRANT
• CREATE END USER CONTEXT
• DROP END USER CONTEXT

Security context lifecycle actions

The following action tracks the creation of end-user security contexts. This action occurs automatically during session establishment and can be used to trace database activity back to specific end-user sessions.

Because this action may generate a large number of audit records, it is not audited when you configure an audit policy with ACTIONS ALL. To audit this action, you must specify it explicitly in your audit policy.

• CREATE END USER SECURITY CONTEXT