ora object audit
Overview
This type allows you to enable or disable auditing inside an Oracle Database.
Here is an example to set auditing on the SYS.AUD$ table:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  alter_failure => 'by_access',
  alter_success => 'by_access',
  audit_failure => 'by_access',
  audit_success => 'by_access',
  comment_failure => 'by_access',
  comment_success => 'by_access',
  flashback_failure => 'by_access',
  flashback_success => 'by_access',
  grant_failure => 'by_access',
  grant_success => 'by_access',
  index_failure => 'by_access',
  index_success => 'by_access',
  insert_failure => 'by_access',
  insert_success => 'by_access',
  lock_failure => 'by_access',
  lock_success => 'by_access',
  rename_failure => 'by_access',
  rename_success => 'by_access',
  select_failure => 'by_access',
  select_success => 'by_access',
  update_failure => 'by_access',
  update_success => 'by_access',
}
Some audit options only apply to some types of database records. Specify only those options that apply to the object you want to audit.

Attributes
Attribute Name | Short Description |
---|---|
alter_failure | Auditing option for the issuance of a failed ALTER operation on that object. |
alter_success | Auditing option for the issuance of a successful ALTER operation on that object. |
audit_failure | Auditing option for the issuance of a failed AUDIT operation on that object. |
audit_success | Auditing option for the issuance of a successful AUDIT operation on that object. |
comment_failure | Auditing option for the issuance of a failed COMMENT operation on that object. |
comment_success | Auditing option for the issuance of a successful COMMENT operation on that object. |
create_failure | Auditing option for the issuance of a failed CREATE operation on that object. |
create_success | Auditing option for the issuance of a successful CREATE operation on that object. |
delete_failure | Auditing option for the issuance of a failed DELETE operation on that object. |
delete_success | Auditing option for the issuance of a successful DELETE operation on that object. |
disable_corrective_change | Disable the modification of a resource when Puppet decides it is a corrective change. |
disable_corrective_ensure | Disable the creation or removal of a resource when Puppet decides it is a corrective change. |
ensure | The basic property that the resource should be in. |
execute_failure | Auditing option for the issuance of a failed EXECUTE operation on that object. |
execute_success | Auditing option for the issuance of a successful EXECUTE operation on that object. |
flashback_failure | Auditing option for the issuance of a failed FLASHBACK operation on that object. |
flashback_success | Auditing option for the issuance of a successful FLASHBACK operation on that object. |
grant_failure | Auditing option for the issuance of a failed GRANT operation on that object. |
grant_success | Auditing option for the issuance of a successful GRANT operation on that object. |
index_failure | Auditing option for the issuance of a failed INDEX operation on that object. |
index_success | Auditing option for the issuance of a successful INDEX operation on that object. |
insert_failure | Auditing option for the issuance of a failed INSERT operation on that object. |
insert_success | Auditing option for the issuance of a successful INSERT operation on that object. |
lock_failure | Auditing option for the issuance of a failed LOCK operation on that object. |
lock_success | Auditing option for the issuance of a successful LOCK operation on that object. |
name | The object and name combination you want to manage. |
object_name | The object name. |
owner | The owner of the table you want to audit. |
provider | The specific backend to use for this ora_object_audit resource. |
read_failure | Auditing option for the issuance of a failed READ operation on that object. |
read_success | Auditing option for the issuance of a successful READ operation on that object. |
rename_failure | Auditing option for the issuance of a failed RENAME operation on that object. |
rename_success | Auditing option for the issuance of a successful RENAME operation on that object. |
select_failure | Auditing option for the issuance of a failed SELECT operation on that object. |
select_success | Auditing option for the issuance of a successful SELECT operation on that object. |
sid | SID to connect to. |
update_failure | Auditing option for the issuance of a failed UPDATE operation on that object. |
update_success | Auditing option for the issuance of a successful UPDATE operation on that object. |
write_failure | Auditing option for the issuance of a failed WRITE operation on that object. |
write_success | Auditing option for the issuance of a successful WRITE operation on that object. |
alter_failure
Auditing option for the issuance of a failed ALTER operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  alter_failure => 'on_access',
  ...
}
This enables the auditing of failed alters on the table AUD$ owned by user SYS. An audit record is written on every access.
alter_success
Auditing option for the issuance of a successful ALTER operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  alter_success => 'on_access',
  ...
}
This enables the auditing of successful alters on the table AUD$ owned by user SYS. An audit record is written on every access.
audit_failure
Auditing option for the issuance of a failed AUDIT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  audit_failure => 'on_access',
  ...
}
This enables the auditing of failed audit operations on the table AUD$ owned by user SYS. An audit record is written on every access.
audit_success
Auditing option for the issuance of a successful AUDIT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  audit_success => 'on_access',
  ...
}
This enables the auditing of successful audit operations on the table AUD$ owned by user SYS. An audit record is written on every access.
comment_failure
Auditing option for the issuance of a failed COMMENT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  comment_failure => 'on_access',
  ...
}
This enables the auditing of failed comments on the table AUD$ owned by user SYS. An audit record is written on every access.
comment_success
Auditing option for the issuance of a successful COMMENT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  comment_success => 'on_access',
  ...
}
This enables the auditing of successful comments on the table AUD$ owned by user SYS. An audit record is written on every access.
create_failure
Auditing option for the issuance of a failed CREATE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  create_failure => 'on_access',
  ...
}
This enables the auditing of failed creates on the table AUD$ owned by user SYS. An audit record is written on every access.
create_success
Auditing option for the issuance of a successful CREATE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  create_success => 'on_access',
  ...
}
This enables the auditing of successful creates on the table AUD$ owned by user SYS. An audit record is written on every access.
delete_failure
Auditing option for the issuance of a failed DELETE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  delete_failure => 'on_access',
  ...
}
This enables the auditing of failed deletes on the table AUD$ owned by user SYS. An audit record is written on every access.
delete_success
Auditing option for the issuance of a successful DELETE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  delete_success => 'on_access',
  ...
}
This enables the auditing of successful deletes on the table AUD$ owned by user SYS. An audit record is written on every access.
disable_corrective_change
Disable the modification of a resource when Puppet decides it is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur, for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. A corrective change can sometimes also be detected when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate, remove or change the resource in these cases is NOT what you want.
Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
  ...
  disable_corrective_change => true,
  ...
}
When a corrective change does happen on the resource, Puppet will not modify the resource and will signal an error:
  Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
  Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)
disable_corrective_ensure
Disable the creation or removal of a resource when Puppet decides it is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet Server, Puppet knows about adaptive and corrective changes. A corrective change is when Puppet notices that the resource has changed, but the catalog has not changed. This can occur, for example, when a user, by accident or willingly, changed something on the system that Puppet is managing. The normal Puppet process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. A corrective change can sometimes also be detected when a hardware or network error occurs. Then Puppet cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate, remove or change the resource in these cases is NOT what you want.
Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
  ensure => 'present',
  ...
  disable_corrective_ensure => true,
  ...
}
When a corrective ensure does happen on the resource, Puppet will not create or remove the resource and will signal an error:
  Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
  Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)
ensure
The basic property that the resource should be in.
Valid values are present, absent.
execute_failure
Auditing option for the issuance of a failed EXECUTE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  execute_failure => 'on_access',
  ...
}
This enables the auditing of failed executes on the table AUD$ owned by user SYS. An audit record is written on every access.
execute_success
Auditing option for the issuance of a successful EXECUTE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  execute_success => 'on_access',
  ...
}
This enables the auditing of successful executes on the table AUD$ owned by user SYS. An audit record is written on every access.
flashback_failure
Auditing option for the issuance of a failed FLASHBACK operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  flashback_failure => 'on_access',
  ...
}
This enables the auditing of failed flashbacks on the table AUD$ owned by user SYS. An audit record is written on every access.
flashback_success
Auditing option for the issuance of a successful FLASHBACK operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  flashback_success => 'on_access',
  ...
}
This enables the auditing of successful flashbacks on the table AUD$ owned by user SYS. An audit record is written on every access.
grant_failure
Auditing option for the issuance of a failed GRANT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  grant_failure => 'on_access',
  ...
}
This enables the auditing of failed grants on the table AUD$ owned by user SYS. An audit record is written on every access.
grant_success
Auditing option for the issuance of a successful GRANT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  grant_success => 'on_access',
  ...
}
This enables the auditing of successful grants on the table AUD$ owned by user SYS. An audit record is written on every access.
index_failure
Auditing option for the issuance of a failed INDEX operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  index_failure => 'on_access',
  ...
}
This enables the auditing of failed indexes on the table AUD$ owned by user SYS. An audit record is written on every access.
index_success
Auditing option for the issuance of a successful INDEX operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  index_success => 'on_access',
  ...
}
This enables the auditing of successful indexes on the table AUD$ owned by user SYS. An audit record is written on every access.
insert_failure
Auditing option for the issuance of a failed INSERT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  insert_failure => 'on_access',
  ...
}
This enables the auditing of failed inserts on the table AUD$ owned by user SYS. An audit record is written on every access.
insert_success
Auditing option for the issuance of a successful INSERT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  insert_success => 'on_access',
  ...
}
This enables the auditing of successful inserts on the table AUD$ owned by user SYS. An audit record is written on every access.
lock_failure
Auditing option for the issuance of a failed LOCK operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  lock_failure => 'on_access',
  ...
}
This enables the auditing of failed locks on the table AUD$ owned by user SYS. An audit record is written on every access.
lock_success
Auditing option for the issuance of a successful LOCK operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  lock_success => 'on_access',
  ...
}
This enables the auditing of successful locks on the table AUD$ owned by user SYS. An audit record is written on every access.
name
The object and name combination you want to manage, including an appended SID.
ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}
The SID is optional. When you don’t specify an SID, Puppet will take the first ASM instance from the /etc/oratab file and use that as the SID. We recommend you always use a fully qualified name (e.g. a name including the SID).
object_name
The object name.
This parameter is extracted from the title of the type. It is the first part of the name.
ora_object_audit { 'sys.dbms_aqin@SID':
  ...
}
In this example sys.dbms_aqin is the object name. The object names will always be uppercased by Puppet. This means in Puppet you can use either lower, upper or mixed case. In Oracle, it will always be an uppercase string.
You must specify fully qualified object names. This means owner.object.
owner
The owner of the table you want to audit. This is the first part of the title string: the part before the . character.
ora_object_audit { 'OWNER.TABLE@SID':
  ...
}
provider
The specific backend to use for this ora_object_audit resource. You will seldom need to specify this. Puppet will usually discover the appropriate provider for your platform.
Available providers are:
- simple: Manage object auditing in an Oracle Database via regular SQL
read_failure
Auditing option for the issuance of a failed READ operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  read_failure => 'on_access',
  ...
}
This enables the auditing of failed reads on the table AUD$ owned by user SYS. An audit record is written on every access.
read_success
Auditing option for the issuance of a successful READ operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  read_success => 'on_access',
  ...
}
This enables the auditing of successful reads on the table AUD$ owned by user SYS. An audit record is written on every access.
rename_failure
Auditing option for the issuance of a failed RENAME operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  rename_failure => 'on_access',
  ...
}
This enables the auditing of failed renames on the table AUD$ owned by user SYS. An audit record is written on every access.
rename_success
Auditing option for the issuance of a successful RENAME operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  rename_success => 'on_access',
  ...
}
This enables the auditing of successful renames on the table AUD$ owned by user SYS. An audit record is written on every access.
select_failure
Auditing option for the issuance of a failed SELECT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  select_failure => 'on_access',
  ...
}
This enables the auditing of failed selects on the table AUD$ owned by user SYS. An audit record is written on every access.
select_success
Auditing option for the issuance of a successful SELECT operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  select_success => 'on_access',
  ...
}
This enables the auditing of successful selects on the table AUD$ owned by user SYS. An audit record is written on every access.
sid
SID to connect to.
All types have a name like resource@sid. The sid is optional. If you don’t specify the sid, the type will use the database in /etc/ora_setting.yaml that has the property default set to true. We advise you to either use @sid in all your manifests or leave it empty everywhere.
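The title format described in the name, object_name, owner and sid sections, and the kind of regular SQL the provider section refers to, as an added Ruby example (not code from the module or its provider). The helper names, the mapping of both by_access and on_access to BY ACCESS, and the use of Oracle's traditional AUDIT ... ON ... statement are assumptions made for illustration.

```ruby
# Added illustration, not the ora_object_audit provider's own code.
# Titles look like 'owner.object' with an optional '@sid' suffix.
TITLE_RE = /\A(?<owner>[^.@\s]+)\.(?<object>[^@\s]+)(?:@(?<sid>[^@\s]+))?\z/

# Assumption: both value spellings used on this page mean "one audit record
# per access", i.e. Oracle's BY ACCESS clause.
FREQUENCY = { 'by_access' => 'BY ACCESS', 'on_access' => 'BY ACCESS' }.freeze

# The '_success' / '_failure' suffix of an attribute selects the WHENEVER clause.
OUTCOME = {
  'success' => 'WHENEVER SUCCESSFUL',
  'failure' => 'WHENEVER NOT SUCCESSFUL'
}.freeze

# Split a resource title into owner, fully qualified object name and SID.
# Names are uppercased as the page describes; sid is nil when omitted, in
# which case the caller falls back to its default database.
def parse_title(title)
  m = TITLE_RE.match(title)
  unless m
    raise ArgumentError, "expected owner.object[@sid], got #{title.inspect}"
  end
  {
    owner: m[:owner].upcase,
    object_name: "#{m[:owner]}.#{m[:object]}".upcase,
    sid: m[:sid]
  }
end

# Render one AUDIT statement per '<operation>_<success|failure>' attribute.
# Anything else (ensure, disable_corrective_change, ...) is rejected.
def audit_statements(title, options)
  target = parse_title(title)[:object_name]
  options.map do |attribute, value|
    operation, outcome = attribute.to_s.split('_', 2)
    clause = OUTCOME.fetch(outcome) do
      raise ArgumentError, "not an audit option: #{attribute}"
    end
    frequency = FREQUENCY.fetch(value) do
      raise ArgumentError, "unhandled value #{value.inspect} for #{attribute}"
    end
    "AUDIT #{operation.upcase} ON #{target} #{frequency} #{clause}"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input based on the page's SYS.AUD$ example.
  sample = { 'alter_failure' => 'by_access', 'select_success' => 'on_access' }
  puts audit_statements('sys.aud$@test', sample)
end
```

A title without an owner part, such as 'aud$@test', is rejected here because the page requires fully qualified owner.object names.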
update_failure
Auditing option for the issuance of a failed UPDATE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  update_failure => 'on_access',
  ...
}
This enables the auditing of failed updates on the table AUD$ owned by user SYS. An audit record is written on every access.
update_success
Auditing option for the issuance of a successful UPDATE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  update_success => 'on_access',
  ...
}
This enables the auditing of successful updates on the table AUD$ owned by user SYS. An audit record is written on every access.
write_failure
Auditing option for the issuance of a failed WRITE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  write_failure => 'on_access',
  ...
}
This enables the auditing of failed writes on the table AUD$ owned by user SYS. An audit record is written on every access.
write_success
Auditing option for the issuance of a successful WRITE operation on that object.
Here is an example of how to use this:
ora_object_audit { 'SYS.AUD$@test':
  ensure => 'present',
  ...
  write_success => 'on_access',
  ...
}
This enables the auditing of successful writes on the table AUD$ owned by user SYS. An audit record is written on every access.