Overview

This type allows you to enable or disable auditing inside an Oracle Database.

Here is an example to set auditing on the SYS.AUD$ table:

ora_object_audit { 'SYS.AUD$@test':
  ensure            => 'present',
  alter_failure     => 'by_access',
  alter_success     => 'by_access',
  audit_failure     => 'by_access',
  audit_success     => 'by_access',
  comment_failure   => 'by_access',
  comment_success   => 'by_access',
  flashback_failure => 'by_access',
  flashback_success => 'by_access',
  grant_failure     => 'by_access',
  grant_success     => 'by_access',
  index_failure     => 'by_access',
  index_success     => 'by_access',
  insert_failure    => 'by_access',
  insert_success    => 'by_access',
  lock_failure      => 'by_access',
  lock_success      => 'by_access',
  rename_failure    => 'by_access',
  rename_success    => 'by_access',
  select_failure    => 'by_access',
  select_success    => 'by_access',
  update_failure    => 'by_access',
  update_success    => 'by_access',
}

Some audit options only apply to some types of database records. Specify only those options that apply to the object you want to audit.

Attributes

Attribute Name Short Description
alter_failure Auditing option for the issuance of a failed ALTER operation on that object.
alter_success Auditing option for the issuance of a successful ALTER operation on that object.
audit_failure Auditing option for the issuance of a failed AUDIT operation on that object.
audit_success Auditing option for the issuance of a successful AUDIT operation on that object.
comment_failure Auditing option for the issuance of a failed COMMENT operation on that object.
comment_success Auditing option for the issuance of a successful COMMENT operation on that object.
create_failure Auditing option for the issuance of a failed CREATE operation on that object.
create_success Auditing option for the issuance of a successful CREATE operation on that object.
delete_failure Auditing option for the issuance of a failed DELETE operation on that object.
delete_success Auditing option for the issuance of a successful DELETE operation on that object.
ensure The basic property that the resource should be in.
execute_failure Auditing option for the issuance of a failed EXECUTE operation on that object.
execute_success Auditing option for the issuance of a failed EXECUTE operation on that object.
flashback_failure Auditing option for the issuance of a failed FLASHBACK operation on that object.
flashback_success Auditing option for the issuance of a successful FLASHBACK operation on that object.
grant_failure Auditing option for the issuance of a failed GRANT operation on that object.
grant_success Auditing option for the issuance of a successful GRANT operation on that object.
index_failure Auditing option for the issuance of a failed INDEX operation on that object.
index_success Auditing option for the issuance of a successful INDEX operation on that object.
insert_failure Auditing option for the issuance of a failed INSERT operation on that object.
insert_success Auditing option for the issuance of a successful INSERT operation on that object.
lock_failure Auditing option for the issuance of a failed LOCK operation on that object.
lock_success Auditing option for the issuance of a successful LOCK operation on that object.
name The object and name combination you want to manage.
object_name The object name.
owner The owner of the table you want to audit.
provider resource.
read_failure Auditing option for the issuance of a failed READ operation on that object.
read_success Auditing option for the issuance of a successful READ operation on that object.
rename_failure Auditing option for the issuance of a failed RENAME operation on that object.
rename_success Auditing option for the issuance of a successful RENAME operation on that object.
select_failure Auditing option for the issuance of a failed SELECT operation on that object.
select_success Auditing option for the issuance of a successful SELECT operation on that object.
sid SID to connect to.
update_failure Auditing option for the issuance of a failed UPDATE operation on that object.
update_success Auditing option for the issuance of a successful UPDATE operation on that object.
write_failure Auditing option for the issuance of a failed WRITE operation on that object.
write_success Auditing option for the issuance of a successful WRITE operation on that object.

alter_failure

Auditing option for the issuance of a failed ALTER operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  alter_failure => 'on_access',
  ...
}

This enables the auditing of failed alters on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

alter_success

Auditing option for the issuance of a successful ALTER operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  alter_success => 'on_access',
  ...
}

This enables the auditing of successful alters on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

audit_failure

Auditing option for the issuance of a failed AUDIT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  audit_failure => 'on_access',
  ...
}

This enables the auditing of failed audit operations on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

audit_success

Auditing option for the issuance of a successful AUDIT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  audit_success => 'on_access',
  ...
}

This enables the auditing of successful audit operations on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

comment_failure

Auditing option for the issuance of a failed COMMENT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  comment_failure => 'on_access',
  ...
}

This enables the auditing of failed comments on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

comment_success

Auditing option for the issuance of a successful COMMENT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  comment_success=> 'on_access',
  ...
}

This enables the auditing of successful comments on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

create_failure

Auditing option for the issuance of a failed CREATE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  create_failure => 'on_access',
  ...
}

This enables the auditing of failed creates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

create_success

Auditing option for the issuance of a successful CREATE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure         => 'present',
  ...
  create_success => 'on_access',
  ...
}

This enables the auditing of successful creates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

delete_failure

Auditing option for the issuance of a failed DELETE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  delete_failure => 'on_access',
  ...
}

This enables the auditing of failed deletes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

delete_success

Auditing option for the issuance of a successful DELETE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  delete_success => 'on_access',
  ...
}

This enables the successful of failed deletes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

ensure

The basic property that the resource should be in.

Valid values are present, absent.

Back to overview of ora_object_audit

execute_failure

Auditing option for the issuance of a failed EXECUTE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  execute_failure => 'on_access',
  ...
}

This enables the auditing of failed executes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

execute_success

Auditing option for the issuance of a failed EXECUTE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure          => 'present',
  ...
  execute_success => 'on_access',
  ...
}

This enables the auditing of failed executes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

flashback_failure

Auditing option for the issuance of a failed FLASHBACK operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  flashback_failure => 'on_access',
  ...
}

This enables the auditing of failed flashbacks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

flashback_success

Auditing option for the issuance of a successful FLASHBACK operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure             => 'present',
  ...
  flashback_success  => 'on_access',
  ...
}

This enables the auditing of successful flashbacks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

grant_failure

Auditing option for the issuance of a failed GRANT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  grant_failure => 'on_access',
  ...
}

This enables the auditing of failed grants on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

grant_success

Auditing option for the issuance of a successful GRANT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  grant_success => 'on_access',
  ...
}

This enables the auditing of successful grants on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

index_failure

Auditing option for the issuance of a failed INDEX operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  index_failure => 'on_access',
  ...
}

This enables the auditing of failed indexes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

index_success

Auditing option for the issuance of a successful INDEX operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  index_success => 'on_access',
  ...
}

This enables the auditing of successful indexes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

insert_failure

Auditing option for the issuance of a failed INSERT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  insert_failure => 'on_access',
  ...
}

This enables the auditing of failed inserts on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

insert_success

Auditing option for the issuance of a successful INSERT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  insert_success => 'on_access',
  ...
}

This enables the auditing of successful inserts on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

lock_failure

Auditing option for the issuance of a failed LOCK operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  lock_failure => 'on_access',
  ...
}

This enables the auditing of failed locks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

lock_success

Auditing option for the issuance of a successful LOCK operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  lock_success => 'on_access',
  ...
}

This enables the auditing of successful locks on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

name

The object and name combination you want to manage. Including an appended SID.

ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}

The SID is optional. When you don’t specify an SID, Puppet will take the first ASM instance from the /etc/oratab file and use that as the SID. We recoomend you always use a full qualified name (e.g. a name including the SID).

Back to overview of ora_object_audit

object_name

The object name.

This parameter is extracted from the title of the type. It is the first part of the name.

ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}

In this example sys.dbms_aqin is the object name. The object names will always be uppercased by Puppet. This means in Puppet you can use either lower, upper or mixed case. In Oracle, it will be always be an upper case string.

You must specify full qualified object names. This means owner.object.

Back to overview of ora_object_audit

owner

The owner of the table you want to audit. This is the first part of the title string. The first part before the ..

  ora_object_audit { 'OWNER.TABLE@SID':
  	...
  }

Back to overview of ora_object_audit

provider

The specific backend to use for this ora_object_audit resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.Available providers are:

simple
Manage object auditing an Oracle Database via regular SQL

Back to overview of ora_object_audit

read_failure

Auditing option for the issuance of a failed READ operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  read_failure => 'on_access',
  ...
}

This enables the auditing of failed reads on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

read_success

Auditing option for the issuance of a successful READ operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  read_success => 'on_access',
  ...
}

This enables the auditing of successful reads on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

rename_failure

Auditing option for the issuance of a failed RENAME operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  rename_failure => 'on_access',
  ...
}

This enables the auditing of failed renames on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

rename_success

Auditing option for the issuance of a successful RENAME operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  rename_success => 'on_access',
  ...
}

This enables the auditing of successful renames on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

select_failure

Auditing option for the issuance of a failed SELECT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  select_failure => 'on_access',
  ...
}

This enables the auditing of failed selects on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

select_success

Auditing option for the issuance of a successful SELECT operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  select_success => 'on_access',
  ...
}

This enables the auditing of successful selects on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

sid

SID to connect to.

All types have a name like resource@sid. The sid is optional. If you don’t specify the sid, the type will use the database from the /etc/ora_setting.yaml with the property default set to true. We advise you to either use @sid in all your manifests or leave it empty everywhere.

Back to overview of ora_object_audit

update_failure

Auditing option for the issuance of a failed UPDATE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  update_failure => 'on_access',
  ...
}

This enables the auditing of failed updates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

update_success

Auditing option for the issuance of a successful UPDATE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  update_success => 'on_access',
  ...
}

This enables the auditing of successful updates on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

write_failure

Auditing option for the issuance of a failed WRITE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  write_failure => 'on_access',
  ...
}

This enables the auditing of failed writes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit

write_success

Auditing option for the issuance of a successful WRITE operation on that object.

here is an example on how to use this:

ora_object_audit { 'SYS.AUD$@test':
  ensure        => 'present',
  ...
  write_success => 'on_access',
  ...
}

This enables the auditing of successful writes on the table AUD$ from user SYS. An audit record is written on every access.

Valid values are none, by_access, by_session.

Back to overview of ora_object_audit