UNIFIED_AUDIT

7.285 UNIFIED_AUDIT_TRAIL

When unified auditing is enabled in Oracle AI Database, the audit records are populated in this new audit trail.

This view displays audit records in tabular form by retrieving the audit records from the audit trail.

Note:

This view is populated only in an Oracle AI Database where unified auditing is enabled.

See Oracle AI Database Security Guide for more information about unified auditing.
See Oracle AI Database Upgrade Guide for more information about migrating to unified auditing.

Column	Datatype	Description
`AUDIT_TYPE`	`VARCHAR2(64)`	Type of auditing: `Database` `Vault` `Datapump` `Direct` `path` `API` `FineGrainedAudit` `KACL_AUDIT` `Label` `Security` `Protocol` `RMAN_AUDIT` `SQL` `Firewall` `Standard` `XS`
`SESSIONID`	`NUMBER`	Audit session identifier
`PROXY_SESSIONID`	`NUMBER`	Audit session identifier of proxying session
`OS_USERNAME`	`VARCHAR2(128)`	Name of the operating system user for the database session
`USERHOST`	`VARCHAR2(128)`	Name of the host machine from which the session was spawned
`TERMINAL`	`VARCHAR2(30)`	The operating system terminal of the user session
`INSTANCE_ID`	`NUMBER`	Instance number as specified in the initialization parameter file, init.ora
`DBID`	`NUMBER`	Database identifier of the audited database
`AUTHENTICATION_TYPE`	`VARCHAR2(1024)`	Authentication information for the session user See: "AUTHENTICATION_TYPE Description"
`DBUSERNAME`	`VARCHAR2(128)`	Database user name of the user whose actions were audited
`DBPROXY_USERNAME`	`VARCHAR2(128)`	Proxying user name, in the case of proxy authentication
`EXTERNAL_USERID`	`VARCHAR2(1024)`	External user name, in the case of network or external authentication
`GLOBAL_USERID`	`VARCHAR2(32)`	Global user identifier for the user, for a user logged in as an enterprise user
`CLIENT_PROGRAM_NAME`	`VARCHAR2(84)`	Name of the program used for the database session
`DBLINK_INFO`	`VARCHAR2(4000)`	Value of `SYS_CONTEXT('USERENV','DBLINK_INFO')`. Valid if the connection was via a database link.
`XS_USER_NAME`	`VARCHAR2(128)`	Name of the Real Application Security user
`XS_SESSIONID`	`RAW(33)`	Identifer of the Real Application Security session
`ENTRY_ID`	`NUMBER`	Numeric ID for each audit trail entry in the session
`STATEMENT_ID`	`NUMBER`	Numeric ID for each statement run (a statement may cause many actions)
`EVENT_TIMESTAMP`	`TIMESTAMP(6)`	Timestamp of the creation of the audit trail entry in the local time zone
`EVENT_TIMESTAMP_UTC`	`TIMESTAMP(6)`	Timestamp of the creation of the audit trail entry in UTC (Coordinated Universal Time)
`ACTION_NAME`	`VARCHAR2(64)`	Name of the action executed by the user. The name should be read in conjunction with the `AUDIT_TYPE` to understand the real action.
`RETURN_CODE`	`NUMBER`	Oracle error code generated by the action. Zero if the action succeeded
`OS_PROCESS`	`VARCHAR2(16)`	Operating system process identifier of the Oracle AI Database process
`TRANSACTION_ID`	`RAW(8)`	Transaction identifier of the transaction in which the object is modified
`SCN`	`NUMBER`	System change number (SCN) of the creation of the audit trail entry
`EXECUTION_ID`	`VARCHAR2(64)`	Execution context identifier for each action
`OBJECT_SCHEMA`	`VARCHAR2(128)`	Schema name of object affected by the action
`OBJECT_NAME`	`VARCHAR2(128)`	Name of the object affected by the action
`SQL_TEXT`	`CLOB`	SQL associated with the event
`SQL_BINDS`	`CLOB`	List of bind variables, if any, associated with `SQL_TEXT`
`APPLICATION_CONTEXTS`	`VARCHAR2(4000)`	Semicolon-seperated list of Application Context Namespace, Attribute, Value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=<value>) format
`CLIENT_IDENTIFIER`	`VARCHAR2(64)`	Client identifier in each Oracle session
`NEW_SCHEMA`	`VARCHAR2(128)`	The schema of the object named in the NEW_NAME column This column is populated only when `AUDIT_TYPE` = `Standard`.
`NEW_NAME`	`VARCHAR2(128)`	New name of object after RENAME, or name of underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name) This column is populated only when `AUDIT_TYPE` = `Standard`.
`OBJECT_EDITION`	`VARCHAR2(128)`	Name of the edition containing the audited object
`SYSTEM_PRIVILEGE_USED`	`VARCHAR2(1024)`	Comma-separated list of system privileges used to execute the action This column is populated only when `AUDIT_TYPE` = `Standard`.
`SYSTEM_PRIVILEGE`	`VARCHAR2(40)`	System privilege granted/revoked by a GRANT/REVOKE statement This column is populated only when `AUDIT_TYPE` = `Standard`.
`AUDIT_OPTION`	`VARCHAR2(40)`	AUDIT/NOAUDIT SQL command This column is populated only when `AUDIT_TYPE` = `Standard`.
`OBJECT_PRIVILEGES`	`VARCHAR2(37)`	Object privileges granted/revoked by a GRANT/REVOKE statement This column is populated only when `AUDIT_TYPE` = `Standard`.
`ROLE`	`VARCHAR2(128)`	Roles granted or revoked or set by GRANT/REVOKE/SET ROLE command This column is populated only when `AUDIT_TYPE` = `Standard`.
`TARGET_USER`	`VARCHAR2(128)`	User on whom the GRANT/REVOKE/AUDIT/NOAUDIT statement was executed This column is populated only when `AUDIT_TYPE` = `Standard`.
`EXCLUDED_USER`	`VARCHAR2(128)`	User who was excluded when the AUDIT/NOAUDIT statement was executed This column is populated only when `AUDIT_TYPE` = `Standard`.
`EXCLUDED_SCHEMA`	`VARCHAR2(128)`	Displays the schema of the excluded objects This column is populated only when `AUDIT_TYPE` = `Standard`.
`EXCLUDED_OBJECT`	`VARCHAR2(128)`	Displays object excluded from the action This column is populated only when `AUDIT_TYPE` = `Standard`.
`CURRENT_USER`	`VARCHAR2(128)`	Effective user for the statement execution
`ADDITIONAL_INFO`	`VARCHAR2(4000)`	Text comment on the audit trail entry, if any This column is populated only when `AUDIT_TYPE` = `Standard`.
`UNIFIED_AUDIT_POLICIES`	`VARCHAR2(4000)`	Lists the audit policies that caused the current audit record. For example, if `SELECT ON SCOTT.EMP` was configured from policy `SCOTT_EMP_POL`, for the `SELECT` event this column will display `SCOTT_EMP_POL`. If more than one policy was configured, the list of policies that caused the event to be recorded in the audit trail are displayed in a comma-separated list. This column has a NULL value for mandatory audit records. See Oracle AI Database Security Guide for information on activities that are mandatorily audited.
`FGA_POLICY_NAME`	`VARCHAR2(128)`	Fine-grained auditing (FGA) policy name that generated this FGA audit record This column is populated only when `AUDIT_TYPE` = `FineGrainedAudit`.
`XS_INACTIVITY_TIMEOUT`	`NUMBER`	Inactivity timeout of the Real Application Security session This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_ENTITY_TYPE`	`VARCHAR2(32)`	Type of the Real Application Security entity. Possible values are `USER`, `ROLE`, `ROLESET`, `SECURITYCLASS`, `ACL`, `DATASECURITY`, and `NSTEMPLATE`. This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_TARGET_PRINCIPAL_NAME`	`VARCHAR2(128)`	Target principal name in Real Application Security operations. Possible operations are set verifier, set password, add proxy, remove proxy, switch user, assign user, create session,and grant roles. This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_PROXY_USER_NAME`	`VARCHAR2(128)`	Name of the Real Application Security proxy user This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_DATASEC_POLICY_NAME`	`VARCHAR2(128)`	Name of the Real Application Security data security policy enabled or disabled This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_SCHEMA_NAME`	`VARCHAR2(128)`	Name of the schema in enable, disable data security policy and global callback operation This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_CALLBACK_EVENT_TYPE`	`VARCHAR2(32)`	Real Application Security global callback event type This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_PACKAGE_NAME`	`VARCHAR2(128)`	Real Application Security callback package name for the global callback This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_PROCEDURE_NAME`	`VARCHAR2(128)`	Real Application Security callback procedure name for the global callback This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_ENABLED_ROLE`	`VARCHAR2(128)`	The role that is enabled This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_COOKIE`	`VARCHAR2(1024)`	Real Application Security session cookie This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_NS_NAME`	`VARCHAR2(128)`	Name of the Real Application Security session namespace This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_NS_ATTRIBUTE`	`VARCHAR2(4000)`	Name of the Real Application Security session namespace attribute This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_NS_ATTRIBUTE_OLD_VAL`	`VARCHAR2(4000)`	The old value of the Real Application Security session namespace attribute This column is populated only when `AUDIT_TYPE` = `XS`.
`XS_NS_ATTRIBUTE_NEW_VAL`	`VARCHAR2(4000)`	The new value of the Real Application Security session namespace This column is populated only when `AUDIT_TYPE` = `XS`.
`DV_ACTION_CODE`	`NUMBER`	Numeric action type code for Database Vault This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_ACTION_NAME`	`VARCHAR2(128)`	Name of the action whose numeric code appears in the `DV_ACTION_CODE` column This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_EXTENDED_ACTION_CODE`	`NUMBER`	Numeric action type code for Database Vault administration This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_GRANTEE`	`VARCHAR2(128)`	Name of the user whose Database Vault authorization was modified This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_RETURN_CODE`	`NUMBER`	Database Vault specific error code This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_ACTION_OBJECT_NAME`	`VARCHAR2(128)`	The unique name of the Database Vault object that was modified This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_RULE_SET_NAME`	`VARCHAR2(128)`	The unique name of the rule set that was executing and caused the audit event to trigger This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_COMMENT`	`VARCHAR2(4000)`	Text comment on the audit trail entry, providing more information about the statement audited This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_FACTOR_CONTEXT`	`VARCHAR2(4000)`	An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`DV_OBJECT_STATUS`	`VARCHAR2(1)`	Indicates whether a particular Database Vault object is enabled or disabled. For example, if a Database Vault administrator enables or disables a realm, then this event will be audited and the `DV_OBJECT_STATUS` value will show the status of the realm after the event occurred. Possible values for this column are: `Y` - The object is enabled `N` - The object is disabled This column is populated only when `AUDIT_TYPE` = `Database` `Vault`.
`OLS_POLICY_NAME`	`VARCHAR2(128)`	Name of the Oracle Label Security (OLS) policy for which this audit record is generated This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_GRANTEE`	`VARCHAR2(1024)`	Name of the user whose OLS authorization was modified This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_MAX_READ_LABEL`	`VARCHAR2(4000)`	Maximum read label assigned to a user This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_MAX_WRITE_LABEL`	`VARCHAR2(4000)`	Maximum write label assigned to a user This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_MIN_WRITE_LABEL`	`VARCHAR2(4000)`	Minimum write label assigned to a user This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_PRIVILEGES_GRANTED`	`VARCHAR2(128)`	OLS privileges assigned to a user or a trusted stored procedure This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_PROGRAM_UNIT_NAME`	`VARCHAR2(128)`	Name of the trusted stored procedure whose authorization was modified or was executed This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_PRIVILEGES_USED`	`VARCHAR2(128)`	OLS privileges used for an event This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_STRING_LABEL`	`VARCHAR2(4000)`	String representation of the OLS label This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_LABEL_COMPONENT_TYPE`	`VARCHAR2(12)`	Type of the OLS label component This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_LABEL_COMPONENT_NAME`	`VARCHAR2(30)`	Name of the OLS label component This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_PARENT_GROUP_NAME`	`VARCHAR2(30)`	Name of the parent of the OLS group This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_OLD_VALUE`	`VARCHAR2(4000)`	Old value for OLS ALTER events This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`OLS_NEW_VALUE`	`VARCHAR2(4000)`	New value for OLS ALTER events This column is populated only when `AUDIT_TYPE` = `Label` `Security`.
`RMAN_SESSION_RECID`	`NUMBER`	RMAN session identifier. Together with `RMAN_SESSION_STAMP` uniquely identifies an RMAN job (note that this is not same as user session ID; the value is a recid in controlfile that identifies RMAN job) This column is populated only when `AUDIT_TYPE` = `RMAN_AUDIT`.
`RMAN_SESSION_STAMP`	`NUMBER`	Timestamp for the session This column is populated only when `AUDIT_TYPE` = `RMAN_AUDIT`.
`RMAN_OPERATION`	`VARCHAR2(20)`	The RMAN operation executed by the job. One row will be added for each distinct operation within an RMAN session. For example, a backup job would contain `BACKUP` in the `RMAN_OPERATION` column. This column is populated only when `AUDIT_TYPE` = `RMAN_AUDIT`.
`RMAN_OBJECT_TYPE`	`VARCHAR2(20)`	Type of objects involved for backup or restore/recover or change/delete/crosscheck commands. It contains one of the following values. If RMAN command does not satisfy one of them, then preference is given in order, from top to bottom of the list: `DB FULL` `RECVR AREA` `DB INCR` `DATAFILE FULL` `DATAFILE INCR` `ARCHIVELOG` `CONTROLFILE` `SPFILE` This column is populated only when `AUDIT_TYPE` = `RMAN_AUDIT`.
`RMAN_DEVICE_TYPE`	`VARCHAR2(5)`	Device involved in the RMAN job. It may be `DISK` or `SBT_TAPE` or `` (An `` indicates that more than one location is involved). For a backup job, it will be the output device type. For other commands (such as restore or crosscheck), it will be the input device type. This column is populated only when `AUDIT_TYPE` = `RMAN_AUDIT`.
`DP_TEXT_PARAMETERS1`	`VARCHAR2(512)`	Parameters during a Data Pump operation that have a text/string value. This may contain the values for: `ACCESS METHOD` `DATA OPTIONS` `DUMPER DIRECTORY` `JOB_TYPE` `JOB VERSION` `MASTER TABLE` `METADATA_JOB_MODE` `PARTITION OPTIONS` `REMOTE LINK` `SCHEMA` `TABLE EXISTS` For descriptions and more information about the settings that can appear for these Data Pump text parameters, see Table 7-3. This column is populated only when `AUDIT_TYPE` = `Datapump`.
`DP_BOOLEAN_PARAMETERS1`	`VARCHAR2(512)`	Parameters during a Data Pump operation that have a boolean value. This may contain the values for: `DATA_ONLY` - Boolean value for whether or not the operation processed data only (as opposed to metadata only, or metadata and data combined) `DUMPFILE_PRESENT` - Denotes whether a dump file exists. Typically, it indicates whether a network export in which no dumpfile is required. `ENCRYPTED` - Boolean value for whether or not encryption was used for the operation `JOB_RESTARTED` - Boolean that indicates if the export or import job had to be restarted `MASTER_ONLY` - Indicates whether the import job imported only the control job table and then stopped the job so that the contents of the control job table can be examined `METADATA_ONLY` - Boolean value for whether or not the operation processed metadata only (as opposed to data only, or metadata and data combined) This column is populated only when `AUDIT_TYPE` = `Datapump`.
`DP_WARNINGS1`	`VARCHAR2(512)`	Contains warnings issued during a Data Pump operation If no warnings were issued, this column contains `WARNING(S) ISSUED: No warnings issued`. This column is populated only when `AUDIT_TYPE` = `Datapump`.
`DIRECT_PATH_NUM_COLUMNS_LOADED`	`NUMBER`	Shows the number of columns that were loaded using the SQL*Loader direct path load method This column is populated only when `AUDIT_TYPE` = `Direct` `path` `API`.
`RLS_INFO`	`CLOB`	Stores virtual private database (VPD), Oracle Label Security (OLS), Real Application Security (RAS), and redaction policy names and predicates separated by a delimiter. In the case of redaction policies, the policy expression is displayed in place of the predicate. To format the output into individual rows, use the `DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_UNI` function.
`KSACL_USER_NAME`	`VARCHAR2(128)`	The connecting user name The value in this column is meaningful only when the `UNIFIED_AUDIT_TRAIL.RETURN_CODE` is `46981`, which is the denial-of-service (DoS) error code. This column is populated only when `AUDIT_TYPE` = `KACL_AUDIT`.
`KSACL_SERVICE_NAME`	`VARCHAR2(512)`	The target database service name The value in this column is meaningful only when the `UNIFIED_AUDIT_TRAIL.RETURN_CODE` is `46981`, which is the denial-of-service (DoS) error code. This column is populated only when `AUDIT_TYPE` = `KACL_AUDIT`.
`KSACL_SOURCE_LOCATION`	`VARCHAR2(48)`	The source location of the initiating connection The value in this column is meaningful only when the `UNIFIED_AUDIT_TRAIL.RETURN_CODE` is `46981`, which is the denial-of-service (DoS) error code. This column is populated only when `AUDIT_TYPE` = `KACL_AUDIT`.
`PROTOCOL_SESSION_ID`	`NUMBER`	Oracle XML DB session ID The `PROTOCOL_*` columns in this view are meaningful when auditing Oracle XML DB protocol (HTTP or FTP) messages. You can use this column to identify audit records from the same Oracle XML DB session. This column is populated only when `AUDIT_TYPE` = `Protocol`.
`PROTOCOL_RETURN_CODE`	`NUMBER`	Return code for the Oracle XML DB protocol request This value is logged in the audit records for both the reply message containing the return code and its corresponding request message. For HTTP requests, a return code of `200` `(OKAY)` or `304` `(NOT-MODIFIED)` is considered successful, and a return code of `207` means the reply may have multiple components with separate return codes. All other HTTP return codes are considered unsuccessful. This column is populated only when `AUDIT_TYPE` = `Protocol`.
`PROTOCOL_ACTION_NAME`	`VARCHAR2(32)`	Indicates the protocol and method for the Oracle XML DB protocol message This value is of the form `protocol`-`method`. Possible values for `protocol` are `HTTP` or `FTP`. Examples: `HTTP-GET` and `FTP-RETR`. Note that the HTTP `GET` and `HEAD` methods are both logged as `HTTP-GET`. Unrecognized methods are logged as `HTTP-UNKNOWN` or `FTP-UNKNOWN`. This column is populated only when `AUDIT_TYPE` = `Protocol`.
`PROTOCOL_USERHOST`	`VARCHAR2(128)`	IP address of the client This column is populated only when `AUDIT_TYPE` = `Protocol`.
`PROTOCOL_MESSAGE`	`VARCHAR2(4000)`	Text of the Oracle XML DB protocol message This column is populated only when `AUDIT_TYPE` = `Protocol`.
`DB_UNIQUE_NAME`	`VARCHAR2(257)`	Unique database name of the audited database, which is defined by the `DB_UNIQUE_NAME` initialization parameter. This value is useful for differentiating between the primary and standby databases in an Oracle Data Guard configuration.
`OBJECT_TYPE`	`VARCHAR2(23)`	Object type of the object being audited
`FW_ACTION_NAME`	`VARCHAR2(30)`	Name of the action This column is populated only when `AUDIT_TYPE` = `SQL` `Firewall`.
`FW_RETURN_CODE`	`NUMBER`	Return code of the SQL execution This column is populated only when `AUDIT_TYPE` = `SQL` `Firewall`.
`SOURCE`	`VARCHAR2(8)`	Source of the audit record: `FILE` - Refers to records from the operating system spillover files in each database instance `DATABASE` - Refers to records from the `AUDSYS.AUD$UNIFIED` table
`SCHEMA`	`VARCHAR2(4000)`	Schema name If a schema privilege was used to execute the action, this column displays the schema and the `SYSTEM_PRIVILEGE_USED` column displays the privilege granted on the schema. If a schema privilege was granted or revoked by a `GRANT` or `REVOKE` statement, this column displays the schema and the `SYSTEM_PRIVILEGE` column displays the privilege that was granted to or revoked from the schema. Otherwise, the value of this column is null. This column is populated only when `AUDIT_TYPE` = `Standard`.
`DP_CLOB_PARAMETERS1`	`CLOB`	Parameters used by Data Pump export or import, in JSON format This column is populated only when `AUDIT_TYPE` = `Datapump`.

Table 7-3 Data Pump Text Parameter Descriptions

Parameter	Description
`ACCESS METHOD`	The method used to load the data. Settings can be: `AUTOMATIC`: Enables Oracle Data Pump to determine the optimal load method `DIRECT_PATH` : Uses the direct path API to pass the data to be loaded. `EXTERNAL_TABLE`: Loads data using the external tables option. `CONVENTIONAL`: Loads the data using SQL `INSERT` statements
`DATA OPTIONS`	Indicates how certain types of data were handled during import operations. Settings are in bit-mask format, which are as follows: `1` (`SKIP_CONSTRAINT_ERRORS`): Specifies that the import operation proceeded even if non-deferred constraint violations were encountered. `8` (`DISABLE_APPEND_HINT`): The import operation did not use the `APPEND` hint while loading a data object. `16` (`REJECT_ROWS_WITH_REPL_CHAR`): Warnings are issued when the replacement character may be used and an option was added to reject data rows where the replacement character was used during a Data Pump import. This situation can occur if different character sets are used for the export/import process
`DUMPER DIRECTORY`	Not in use
`JOB_TYPE`	Is either `EXPORT` or `IMPORT`
`JOB VERSION`	Specifies the version of database objects that were imported
`MASTER TABLE`	Indicates the name of the control job table. By default, it appears as follows for export operations: schema_name.SYS_EXPORT_TABLE_n For import operations, it appears as follows: schema_name.SYS_IMPORT_TABLE_n The `n` represents a numeric value of `01`. If 01 is in use, the number is incremented with `02`, `03`, and so on.
`METADATA_JOB_MODE`	Type of export or import operation. For example a table export would be `TABLE_EXPORT`
`PARTITION OPTIONS`	Indicates how table partitions were created during an import operation. Settings can be: `NONE`: The tables were created as they existed on the system from which the export operation was performed. `DEPARTITION`: Each partition or subpartition was promoted to a new individual table. `MERGE`: All partitions and subpartitions were merged into one table
`REMOTE LINK`	Indicates that the export was performed from a (source) database identified by a valid database link. The data from the source database instance was written to a dump file set on the connected database instance.
`SCHEMA`	Indicates the schema containing the data that was exported or imported
`TABLE EXISTS`	Indicates the action that was taken on an import operation when the target table already existed. The values are as follows: `REPLACE` `TRUNCATE` `SKIP` `APPEND`

AUTHENTICATION_TYPE Description

The AUTHENTICATION_TYPE column of UNIFIED_AUDIT_TRAIL displays authentication information for the session user.

The value of this column is a string with the following syntax:

(TYPE=(auth_string));(CLIENT ADDRESS=((PROTOCOL=protocol)(HOST=client_ip_address)(PORT=client_port_number)));[(LOGON_INFO=((VERIFIER=%s-%s)(CLIENT_CAPABILITIES=%s));]

(TYPE=(auth_string));

Indicates the type of authentication for the session user.

Possible values for auth_string:
- DATABASE - Username/password authentication
- DIRECTORY PASSWORD - Directory-based user authentication
- NETWORK SERVICE - Authentication was performed by Oracle Net Services or strong authentication
- OS - Operating system external user authentication
- PROXY - OCI proxy connection authentication
(CLIENT ADDRESS=((PROTOCOL=protocol)(HOST=client_ip_address)(PORT=client_port_number)));

Displays the protocol used by the client, such as ipc, sdp, tcp, or tcps, the client IP address, and the client port number.
(LOGON_INFO=((VERIFIER=version-rollover_state)(CLIENT_CAPABILITIES=capability_list));

This syntax is displayed only if authentication was completed during gradual database password rollover.

The value of VERIFIER comprises the following two values, separated by a hyphen:
- version - Indicates the password version (11G or 12C)
- rollover_state - Indicates whether the user was authenticated with the OLD password or the NEW password
For CLIENT_CAPABILITIES, the value of capabilitiy_list is a comma-separated list of one or more of the following client capabilities: O5L_NP, O7L_MR, or O8L_LI. See Oracle AI Database Net Services Reference for more information about client capabilities.