D Considerations for Transitioning from Traditional to Unified Auditing
If you want to transition to unified auditing after you have upgraded to Oracle Database 23ai, note that most of the traditional auditing features will continue to exist in Oracle Database 23ai to help you transition smoothly.
Table D-1 describes how the characteristics of database auditing features differ with transition.
Table D-1 Characteristics of Oracle Database Auditing Features Before and After the Transition to Unified Auditing
Feature | Availability Before Transition | Availability After Transition |
---|---|---|
General Auditing Features |
- |
- |
Operating system audit trail |
Yes |
No |
XML file audit trail |
Yes |
No |
Network auditing |
Yes |
No |
The ability of users to audit and to removing auditing from their own schema objects |
Yes |
No |
Mandatory auditing of audit administrative actions |
No |
Yes |
Auditing Roles |
- |
- |
|
Yes, but not needed for users who want to audit their own objects, nor for users who already have the |
Yes |
|
Yes |
Yes |
System Tables |
- |
- |
|
Yes |
Yes, but will only have pre-transition audit records |
|
Yes |
Yes, but will only have pre-transition audit records |
Initialization Parameters |
- |
- |
|
Yes |
Yes, but will not have any effect |
|
Yes |
Yes, but will not have any effect |
|
Yes |
Yes, but will not have any effect |
|
Yes |
Yes, but will not have any effect |
Data Dictionary Views Foot 1 |
- |
- |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but will only have pre-transition audit records |
|
Yes |
Yes |
|
Yes |
Yes |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but will only have pre-transition audit records |
|
Yes |
Yes, but will only have pre-transition audit records |
|
Yes |
Yes, but will only have pre-transition audit records. The |
|
Yes |
Yes, but will only have pre-transition audit records. The |
|
Yes |
Yes |
|
Yes |
Yes |
|
Yes |
Yes |
|
Yes, but does not collect any audit records |
Yes, and collects audit records |
|
Yes |
Yes |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes, but only if fine-grained audit policies are created using the |
|
Yes |
Yes |
|
Yes |
Yes |
|
Yes |
Yes, but will only have pre-transition audit records |
|
Yes |
Yes |
|
Yes |
Yes, but will only have pre-transition audit records. The |
CREATE AUDIT POLICY, ALTER AUDIT POLICY, and DROP AUDIT POLICY Statements |
The statements are available, but the audit policies will not write to the old audit trails. When a policy is enabled, its audit records are written to the unified audit trail. |
Yes, but writes the audit record to the unified audit trail only |
AUDIT and NOAUDIT Statements |
- |
- |
|
Yes |
Yes, but enhanced to enable audit policies; create application context audit settings; create audit records on success, failure, or both; and use in a multitenant environment |
|
Yes |
Yes, but changed to disable audit policies, disable application context audit settings |
DBMS_FGA.ADD_POLICY Procedure Parameters |
- |
- |
|
Yes, and is used as in previous releases |
Yes, but when unified auditing is enabled, you can omit this parameter because all records will be written to the unified audit trail. |
DBMS_AUDIT_MGMT Package AUDIT_TRAIL_TYPE Property Options |
- |
- |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
|
Yes |
Yes, but only pre-transition audit records |
Oracle Database Vault Features |
- |
- |
|
Yes |
Is renamed to |
Oracle Label Security Features |
- |
- |
|
Yes |
No |
Footnote 1
These data dictionary views will continue to show audit data from audit records that are still in the SYS.AUD$
and SYS.FGA_LOG$
system tables. Unified audit trail records are shown only in the unified audit trail-specific views. You must be granted the AUDIT_ADMIN
or AUDIT_VIEWER
role to query any views that are not prefaced with USER_
.
Parent topic: Appendixes