Overview

This type allows you to enable or disable auditing inside an Oracle Database.

Here is an example to set auditing on the SYS.AUD$ table:

ora_object_audit { 'SYS.AUD$@test':
  ensure            => 'present',
  alter_failure     => 'by_access',
  alter_success     => 'by_access',
  audit_failure     => 'by_access',
  audit_success     => 'by_access',
  comment_failure   => 'by_access',
  comment_success   => 'by_access',
  flashback_failure => 'by_access',
  flashback_success => 'by_access',
  grant_failure     => 'by_access',
  grant_success     => 'by_access',
  index_failure     => 'by_access',
  index_success     => 'by_access',
  insert_failure    => 'by_access',
  insert_success    => 'by_access',
  lock_failure      => 'by_access',
  lock_success      => 'by_access',
  rename_failure    => 'by_access',
  rename_success    => 'by_access',
  select_failure    => 'by_access',
  select_success    => 'by_access',
  update_failure    => 'by_access',
  update_success    => 'by_access',
}

Some audit options only apply to some types of database records. Specify only those options that apply to the object you want to audit.
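
As an added illustration of this rule (not part of the module's documentation), the manifest below audits a table with data-access options and a PL/SQL package with execute options only. The object names HR.EMPLOYEES and HR.PAYROLL_PKG and the SID test are placeholders, and the split of options per object type follows Oracle's AUDIT statement rather than anything stated on this page.

```puppet
# Added example. HR.EMPLOYEES, HR.PAYROLL_PKG and the SID 'test' are
# placeholders (assumptions), not objects named in the documentation.

# Options that make sense on every audited object: changes to its
# privileges (GRANT) and to its audit settings (AUDIT).
$control_audit = {
  'audit_failure' => 'by_access',
  'audit_success' => 'by_access',
  'grant_failure' => 'by_access',
  'grant_success' => 'by_access',
}

# Data-access options. These apply to tables, not to PL/SQL packages.
$table_audit = {
  'delete_failure' => 'by_access',
  'delete_success' => 'by_access',
  'insert_failure' => 'by_access',
  'insert_success' => 'by_access',
  'select_failure' => 'by_access',
  'select_success' => 'by_access',
  'update_failure' => 'by_access',
  'update_success' => 'by_access',
}

# A table: control options plus the data-access options.
# No execute_* options are set, because a table cannot be executed.
ora_object_audit { 'HR.EMPLOYEES@test':
  ensure => 'present',
  *      => $control_audit + $table_audit,
}

# A package: EXECUTE is the access option that applies.
# No insert/update/delete/select options are set.
ora_object_audit { 'HR.PAYROLL_PKG@test':
  ensure          => 'present',
  execute_failure => 'by_access',
  execute_success => 'by_access',
  *               => $control_audit,
}
```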

Attributes

Attribute Name Short Description
alter_failure Auditing option for the issuance of a failed ALTER operation on that object.
alter_success Auditing option for the issuance of a successful ALTER operation on that object.
audit_failure Auditing option for the issuance of a failed AUDIT operation on that object.
audit_success Auditing option for the issuance of a successful AUDIT operation on that object.
comment_failure Auditing option for the issuance of a failed COMMENT operation on that object.
comment_success Auditing option for the issuance of a successful COMMENT operation on that object.
create_failure Auditing option for the issuance of a failed CREATE operation on that object.
create_success Auditing option for the issuance of a successful CREATE operation on that object.
delete_failure Auditing option for the issuance of a failed DELETE operation on that object.
delete_success Auditing option for the issuance of a successful DELETE operation on that object.
disable_corrective_change Disable the modification of a resource when Puppet decides it is a corrective change.
disable_corrective_ensure Disable the creation or removal of a resource when Puppet decides it is a corrective change.
ensure The basic property that the resource should be in.
execute_failure Auditing option for the issuance of a failed EXECUTE operation on that object.
execute_success Auditing option for the issuance of a successful EXECUTE operation on that object.
flashback_failure Auditing option for the issuance of a failed FLASHBACK operation on that object.
flashback_success Auditing option for the issuance of a successful FLASHBACK operation on that object.
grant_failure Auditing option for the issuance of a failed GRANT operation on that object.
grant_success Auditing option for the issuance of a successful GRANT operation on that object.
index_failure Auditing option for the issuance of a failed INDEX operation on that object.
index_success Auditing option for the issuance of a successful INDEX operation on that object.
insert_failure Auditing option for the issuance of a failed INSERT operation on that object.
insert_success Auditing option for the issuance of a successful INSERT operation on that object.
lock_failure Auditing option for the issuance of a failed LOCK operation on that object.
lock_success Auditing option for the issuance of a successful LOCK operation on that object.
name The object and name combination you want to manage.
object_name The object name.
owner The owner of the table you want to audit.
provider The specific backend to use for this ora_object_audit resource.
read_failure Auditing option for the issuance of a failed READ operation on that object.
read_success Auditing option for the issuance of a successful READ operation on that object.
rename_failure Auditing option for the issuance of a failed RENAME operation on that object.
rename_success Auditing option for the issuance of a successful RENAME operation on that object.
select_failure Auditing option for the issuance of a failed SELECT operation on that object.
select_success Auditing option for the issuance of a successful SELECT operation on that object.
sid SID to connect to.
update_failure Auditing option for the issuance of a failed UPDATE operation on that object.
update_success Auditing option for the issuance of a successful UPDATE operation on that object.
write_failure Auditing option for the issuance of a failed WRITE operation on that object.
write_success Auditing option for the issuance of a successful WRITE operation on that object.

alter_failure

Auditing option for the issuance of a failed ALTER operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  alter_failure => 'by_access',
  ...
}

This enables the auditing of failed alters on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


alter_success

Auditing option for the issuance of a successful ALTER operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  alter_success => 'by_access',
  ...
}

This enables the auditing of successful alters on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


audit_failure

Auditing option for the issuance of a failed AUDIT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  audit_failure => 'by_access',
  ...
}

This enables the auditing of failed audit operations on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


audit_success

Auditing option for the issuance of a successful AUDIT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  audit_success => 'by_access',
  ...
}

This enables the auditing of successful audit operations on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


comment_failure

Auditing option for the issuance of a failed COMMENT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  comment_failure => 'by_access',
  ...
}

This enables the auditing of failed comments on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


comment_success

Auditing option for the issuance of a successful COMMENT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  comment_success => 'by_access',
  ...
}

This enables the auditing of successful comments on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


create_failure

Auditing option for the issuance of a failed CREATE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  create_failure => 'by_access',
  ...
}

This enables the auditing of failed creates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


create_success

Auditing option for the issuance of a successful CREATE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  create_success => 'by_access',
  ...
}

This enables the auditing of successful creates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


delete_failure

Auditing option for the issuance of a failed DELETE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  delete_failure => 'by_access',
  ...
}

This enables the auditing of failed deletes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


delete_success

Auditing option for the issuance of a successful DELETE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  delete_success => 'by_access',
  ...
}

This enables the auditing of successful deletes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


disable_corrective_change

Disable the modification of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur, for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate, remove or change the resource in these cases is NOT what you want.

Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}

When a corrective change does happen on the resource, Puppet will not modify the resource and will signal an error:

    Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)


disable_corrective_ensure

Disable the creation or removal of a resource when Puppet decides it is a corrective change.

(requires easy_type V2.11.0 or higher)

When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur, for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate, remove or change the resource in these cases is NOT what you want.

Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.

Here is an example of this:

crucial_resource {'be_carefull':
  ensure                    => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}

When a corrective ensure does happen on the resource, Puppet will not create or remove the resource and will signal an error:

    Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
    Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)


ensure

The basic property that the resource should be in.

Valid values are present, absent.


execute_failure

Auditing option for the issuance of a failed EXECUTE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  execute_failure => 'by_access',
  ...
}

This enables the auditing of failed executes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


execute_success

Auditing option for the issuance of a successful EXECUTE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  execute_success => 'by_access',
  ...
}

This enables the auditing of successful executes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


flashback_failure

Auditing option for the issuance of a failed FLASHBACK operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure            => 'present',
  ...
  flashback_failure => 'by_access',
  ...
}

This enables the auditing of failed flashbacks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


flashback_success

Auditing option for the issuance of a successful FLASHBACK operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure            => 'present',
  ...
  flashback_success => 'by_access',
  ...
}

This enables the auditing of successful flashbacks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


grant_failure

Auditing option for the issuance of a failed GRANT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  grant_failure => 'by_access',
  ...
}

This enables the auditing of failed grants on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


grant_success

Auditing option for the issuance of a successful GRANT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  grant_success => 'by_access',
  ...
}

This enables the auditing of successful grants on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


index_failure

Auditing option for the issuance of a failed INDEX operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  index_failure => 'by_access',
  ...
}

This enables the auditing of failed indexes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


index_success

Auditing option for the issuance of a successful INDEX operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  index_success => 'by_access',
  ...
}

This enables the auditing of successful indexes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


insert_failure

Auditing option for the issuance of a failed INSERT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  insert_failure => 'by_access',
  ...
}

This enables the auditing of failed inserts on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


insert_success

Auditing option for the issuance of a successful INSERT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  insert_success => 'by_access',
  ...
}

This enables the auditing of successful inserts on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


lock_failure

Auditing option for the issuance of a failed LOCK operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure       => 'present',
  ...
  lock_failure => 'by_access',
  ...
}

This enables the auditing of failed locks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


lock_success

Auditing option for the issuance of a successful LOCK operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure       => 'present',
  ...
  lock_success => 'by_access',
  ...
}

This enables the auditing of successful locks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


name

The object and name combination you want to manage, including an appended SID.

ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}

The SID is optional. When you don’t specify an SID, Puppet will take the first ASM instance from the /etc/oratab file and use that as the SID. We recommend you always use a fully qualified name (e.g. a name including the SID).


object_name

The object name.

This parameter is extracted from the title of the type. It is the first part of the name.

ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}

In this example sys.dbms_aqin is the object name. The object names will always be uppercased by Puppet. This means in Puppet you can use either lower, upper or mixed case. In Oracle, it will always be an uppercase string.

You must specify fully qualified object names. This means owner.object.


owner

The owner of the table you want to audit. This is the first part of the title string, the part before the dot (.).

ora_object_audit { 'OWNER.TABLE@SID':
  ...
}


provider

The specific backend to use for this ora_object_audit resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform. Available providers are:

simple
Manage object auditing in an Oracle Database via regular SQL


read_failure

Auditing option for the issuance of a failed READ operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure       => 'present',
  ...
  read_failure => 'by_access',
  ...
}

This enables the auditing of failed reads on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


read_success

Auditing option for the issuance of a successful READ operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure       => 'present',
  ...
  read_success => 'by_access',
  ...
}

This enables the auditing of successful reads on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


rename_failure

Auditing option for the issuance of a failed RENAME operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  rename_failure => 'by_access',
  ...
}

This enables the auditing of failed renames on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


rename_success

Auditing option for the issuance of a successful RENAME operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  rename_success => 'by_access',
  ...
}

This enables the auditing of successful renames on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


select_failure

Auditing option for the issuance of a failed SELECT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  select_failure => 'by_access',
  ...
}

This enables the auditing of failed selects on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


select_success

Auditing option for the issuance of a successful SELECT operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  select_success => 'by_access',
  ...
}

This enables the auditing of successful selects on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


sid

SID to connect to.

All types have a name like resource@sid. The sid is optional. If you don’t specify the sid, the type will use the database from the /etc/ora_setting.yaml with the property default set to true. We advise you to either use @sid in all your manifests or leave it empty everywhere.


update_failure

Auditing option for the issuance of a failed UPDATE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  update_failure => 'by_access',
  ...
}

This enables the auditing of failed updates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


update_success

Auditing option for the issuance of a successful UPDATE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  update_success => 'by_access',
  ...
}

This enables the auditing of successful updates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


write_failure

Auditing option for the issuance of a failed WRITE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  write_failure => 'by_access',
  ...
}

This enables the auditing of failed writes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.


write_success

Auditing option for the issuance of a successful WRITE operation on that object.

Here is an example of how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  write_success => 'by_access',
  ...
}

This enables the auditing of successful writes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.
