DBZ-7864 Support Oracle DDL Alter Audit Policy
This commit is contained in:
parent
964603fa6a
commit
c7c76d1f8f
@ -55,6 +55,7 @@ unit_statement
|
||||
| alter_materialized_view_log
|
||||
| alter_user
|
||||
| alter_view
|
||||
| alter_audit_policy
|
||||
|
||||
| analyze
|
||||
| associate_statistics
|
||||
@ -1387,6 +1388,80 @@ alter_view_editionable
|
||||
: {isVersion12()}? (EDITIONABLE | NONEDITIONABLE)
|
||||
;
|
||||
|
||||
// https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/ALTER-AUDIT-POLICY-Unified-Auditing.html
|
||||
alter_audit_policy
|
||||
: ALTER AUDIT POLICY p = id_expression ADD? (
|
||||
privilege_audit_clause? action_audit_clause? role_audit_clause?
|
||||
| (ONLY TOPLEVEL)?
|
||||
) DROP? (privilege_audit_clause? action_audit_clause? role_audit_clause? | (ONLY TOPLEVEL)?) (
|
||||
CONDITION (DROP | CHAR_STRING EVALUATE PER (STATEMENT | SESSION | INSTANCE))
|
||||
)?
|
||||
;
|
||||
|
||||
privilege_audit_clause
|
||||
: PRIVILEGES system_privilege (',' system_privilege)*
|
||||
;
|
||||
|
||||
action_audit_clause
|
||||
: (standard_actions | component_actions | system_actions)+
|
||||
;
|
||||
|
||||
system_actions
|
||||
: ACTIONS system_privilege (',' system_privilege)*
|
||||
;
|
||||
|
||||
standard_actions
|
||||
: ACTIONS actions_clause (',' actions_clause)*
|
||||
;
|
||||
|
||||
actions_clause
|
||||
: (object_action | ALL) ON (
|
||||
DIRECTORY directory_name
|
||||
| (MINING MODEL)? (schema_name '.')? id_expression
|
||||
)
|
||||
| (system_action | ALL)
|
||||
;
|
||||
|
||||
role_audit_clause
|
||||
: ROLES role_name (',' role_name)*
|
||||
;
|
||||
|
||||
component_actions
|
||||
: ACTIONS COMPONENT '=' (
|
||||
(DATAPUMP | DIRECT_LOAD | OLS | XS) component_action (',' component_action)*
|
||||
| DV component_action ON id_expression (',' component_action ON id_expression)*
|
||||
| PROTOCOL (FTP | HTTP | AUTHENTICATION)
|
||||
)
|
||||
;
|
||||
|
||||
component_action
|
||||
: id_expression
|
||||
;
|
||||
|
||||
object_action
|
||||
: ALTER
|
||||
| GRANT
|
||||
| READ
|
||||
| EXECUTE
|
||||
| AUDIT
|
||||
| COMMENT
|
||||
| DELETE
|
||||
| INDEX
|
||||
| INSERT
|
||||
| LOCK
|
||||
| SELECT
|
||||
| UPDATE
|
||||
| FLASHBACK
|
||||
| RENAME
|
||||
;
|
||||
|
||||
system_action
|
||||
: id_expression
|
||||
| (CREATE | ALTER | DROP) JAVA
|
||||
| LOCK TABLE
|
||||
| (READ | WRITE | EXECUTE) DIRECTORY
|
||||
;
|
||||
|
||||
create_view
|
||||
: CREATE (OR REPLACE)? (OR? FORCE)? EDITIONABLE? EDITIONING? VIEW
|
||||
tableview_name (IF NOT EXISTS)? view_options?
|
||||
|
@ -86,4 +86,41 @@ alter table fruit annotations (drop Visibility);
|
||||
alter table fruit annotations (add Visibility 'Everyone');
|
||||
alter table fruit modify (id annotations (Visibility 'Hidden'));
|
||||
alter table fruit modify (id annotations (drop Visibility));
|
||||
alter table fruit modify (id annotations (add Visibility 'Hidden'));
|
||||
alter table fruit modify (id annotations (add Visibility 'Hidden'));
|
||||
|
||||
-- alter audit policy
|
||||
ALTER AUDIT POLICY HR_AUDIT_POLICY ADD ONLY TOPLEVEL;
|
||||
ALTER AUDIT POLICY HR_AUDIT_POLICY DROP ONLY TOPLEVEL;
|
||||
ALTER AUDIT POLICY DML_POL
|
||||
ADD PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE;
|
||||
ALTER AUDIT POLICY JAVA_POL
|
||||
ADD ACTIONS CREATE JAVA, ALTER JAVA, DROP JAVA;
|
||||
ALTER AUDIT POLICY TABLE_POL
|
||||
ADD ROLES DBA;
|
||||
ALTER AUDIT POLICY SECURITY_POL
|
||||
ADD PRIVILEGES CREATE ANY LIBRARY, DROP ANY LIBRARY
|
||||
ACTIONS DELETE ON HR.EMPLOYEES,
|
||||
INSERT ON HR.EMPLOYEES,
|
||||
UPDATE ON HR.EMPLOYEES,
|
||||
ALL ON HR.DEPARTMENTS
|
||||
ROLES DBA, CONNECT;
|
||||
ALTER AUDIT POLICY TABLE_POL
|
||||
DROP PRIVILEGES CREATE ANY TABLE;
|
||||
ALTER AUDIT POLICY DML_POL
|
||||
DROP ACTIONS INSERT ON HR.EMPLOYEES,
|
||||
UPDATE ON HR.EMPLOYEES;
|
||||
ALTER AUDIT POLICY JAVA_POL
|
||||
DROP ROLES JAVA_DEPLOY;
|
||||
ALTER AUDIT POLICY HR_ADMIN_POL
|
||||
DROP PRIVILEGES CREATE ANY TABLE
|
||||
ACTIONS LOCK TABLE
|
||||
ROLES AUDIT_VIEWER;
|
||||
ALTER AUDIT POLICY DP_ACTIONS_POL
|
||||
ADD ACTIONS COMPONENT = DATAPUMP EXPORT
|
||||
DROP ACTIONS COMPONENT = DATAPUMP IMPORT;
|
||||
ALTER AUDIT POLICY ORDER_UPDATES_POL
|
||||
CONDITION DROP;
|
||||
ALTER AUDIT POLICY EMP_UPDATES_POL
|
||||
CONDITION 'UID = 102'
|
||||
EVALUATE PER STATEMENT;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user