17.2 Create an Audit Policy

Define a custom unified audit policy to audit the commands used to configure Oracle Deep Data Security (Deep Sec), such as creating end users, managing data grants, and assigning data roles.

The following example creates a policy that audits a subset of Deep Sec configuration actions:

1. Create an audit policy.

   CREATE AUDIT POLICY deep_sec_config_pol
     ACTIONS
       CREATE END USER,
       ALTER END USER,
       DROP END USER,
       CREATE DATA GRANT,
       DROP DATA GRANT;
   

2. Enable the policy.

   AUDIT POLICY deep_sec_config_pol;

   When these actions are audited, the UNIFIED_AUDIT_TRAIL records the SQL text, object name, and object type for each operation in the standard audit trail columns. See UNIFIED_AUDIT_TRAIL in Oracle AI Database Reference.

You can extend this policy to include additional Deep Sec configuration actions as needed, such as data role and application identity operations.

For more information on creating and managing unified audit policies, see Creating Custom Unified Audit Policies in Oracle AI Database Security Guide.