DBZ-7864 Support Oracle DDL Alter Audit Policy
This commit is contained in:
parent
964603fa6a
commit
c7c76d1f8f
@ -55,6 +55,7 @@ unit_statement
|
|||||||
| alter_materialized_view_log
|
| alter_materialized_view_log
|
||||||
| alter_user
|
| alter_user
|
||||||
| alter_view
|
| alter_view
|
||||||
|
| alter_audit_policy
|
||||||
|
|
||||||
| analyze
|
| analyze
|
||||||
| associate_statistics
|
| associate_statistics
|
||||||
@ -1387,6 +1388,80 @@ alter_view_editionable
|
|||||||
: {isVersion12()}? (EDITIONABLE | NONEDITIONABLE)
|
: {isVersion12()}? (EDITIONABLE | NONEDITIONABLE)
|
||||||
;
|
;
|
||||||
|
|
||||||
|
// https://docs.oracle.com/en/database/oracle/oracle-database/21/sqlrf/ALTER-AUDIT-POLICY-Unified-Auditing.html
|
||||||
|
alter_audit_policy
|
||||||
|
: ALTER AUDIT POLICY p = id_expression ADD? (
|
||||||
|
privilege_audit_clause? action_audit_clause? role_audit_clause?
|
||||||
|
| (ONLY TOPLEVEL)?
|
||||||
|
) DROP? (privilege_audit_clause? action_audit_clause? role_audit_clause? | (ONLY TOPLEVEL)?) (
|
||||||
|
CONDITION (DROP | CHAR_STRING EVALUATE PER (STATEMENT | SESSION | INSTANCE))
|
||||||
|
)?
|
||||||
|
;
|
||||||
|
|
||||||
|
privilege_audit_clause
|
||||||
|
: PRIVILEGES system_privilege (',' system_privilege)*
|
||||||
|
;
|
||||||
|
|
||||||
|
action_audit_clause
|
||||||
|
: (standard_actions | component_actions | system_actions)+
|
||||||
|
;
|
||||||
|
|
||||||
|
system_actions
|
||||||
|
: ACTIONS system_privilege (',' system_privilege)*
|
||||||
|
;
|
||||||
|
|
||||||
|
standard_actions
|
||||||
|
: ACTIONS actions_clause (',' actions_clause)*
|
||||||
|
;
|
||||||
|
|
||||||
|
actions_clause
|
||||||
|
: (object_action | ALL) ON (
|
||||||
|
DIRECTORY directory_name
|
||||||
|
| (MINING MODEL)? (schema_name '.')? id_expression
|
||||||
|
)
|
||||||
|
| (system_action | ALL)
|
||||||
|
;
|
||||||
|
|
||||||
|
role_audit_clause
|
||||||
|
: ROLES role_name (',' role_name)*
|
||||||
|
;
|
||||||
|
|
||||||
|
component_actions
|
||||||
|
: ACTIONS COMPONENT '=' (
|
||||||
|
(DATAPUMP | DIRECT_LOAD | OLS | XS) component_action (',' component_action)*
|
||||||
|
| DV component_action ON id_expression (',' component_action ON id_expression)*
|
||||||
|
| PROTOCOL (FTP | HTTP | AUTHENTICATION)
|
||||||
|
)
|
||||||
|
;
|
||||||
|
|
||||||
|
component_action
|
||||||
|
: id_expression
|
||||||
|
;
|
||||||
|
|
||||||
|
object_action
|
||||||
|
: ALTER
|
||||||
|
| GRANT
|
||||||
|
| READ
|
||||||
|
| EXECUTE
|
||||||
|
| AUDIT
|
||||||
|
| COMMENT
|
||||||
|
| DELETE
|
||||||
|
| INDEX
|
||||||
|
| INSERT
|
||||||
|
| LOCK
|
||||||
|
| SELECT
|
||||||
|
| UPDATE
|
||||||
|
| FLASHBACK
|
||||||
|
| RENAME
|
||||||
|
;
|
||||||
|
|
||||||
|
system_action
|
||||||
|
: id_expression
|
||||||
|
| (CREATE | ALTER | DROP) JAVA
|
||||||
|
| LOCK TABLE
|
||||||
|
| (READ | WRITE | EXECUTE) DIRECTORY
|
||||||
|
;
|
||||||
|
|
||||||
create_view
|
create_view
|
||||||
: CREATE (OR REPLACE)? (OR? FORCE)? EDITIONABLE? EDITIONING? VIEW
|
: CREATE (OR REPLACE)? (OR? FORCE)? EDITIONABLE? EDITIONING? VIEW
|
||||||
tableview_name (IF NOT EXISTS)? view_options?
|
tableview_name (IF NOT EXISTS)? view_options?
|
||||||
|
@ -87,3 +87,40 @@ alter table fruit annotations (add Visibility 'Everyone');
|
|||||||
alter table fruit modify (id annotations (Visibility 'Hidden'));
|
alter table fruit modify (id annotations (Visibility 'Hidden'));
|
||||||
alter table fruit modify (id annotations (drop Visibility));
|
alter table fruit modify (id annotations (drop Visibility));
|
||||||
alter table fruit modify (id annotations (add Visibility 'Hidden'));
|
alter table fruit modify (id annotations (add Visibility 'Hidden'));
|
||||||
|
|
||||||
|
-- alter audit policy
|
||||||
|
ALTER AUDIT POLICY HR_AUDIT_POLICY ADD ONLY TOPLEVEL;
|
||||||
|
ALTER AUDIT POLICY HR_AUDIT_POLICY DROP ONLY TOPLEVEL;
|
||||||
|
ALTER AUDIT POLICY DML_POL
|
||||||
|
ADD PRIVILEGES CREATE ANY TABLE, DROP ANY TABLE;
|
||||||
|
ALTER AUDIT POLICY JAVA_POL
|
||||||
|
ADD ACTIONS CREATE JAVA, ALTER JAVA, DROP JAVA;
|
||||||
|
ALTER AUDIT POLICY TABLE_POL
|
||||||
|
ADD ROLES DBA;
|
||||||
|
ALTER AUDIT POLICY SECURITY_POL
|
||||||
|
ADD PRIVILEGES CREATE ANY LIBRARY, DROP ANY LIBRARY
|
||||||
|
ACTIONS DELETE ON HR.EMPLOYEES,
|
||||||
|
INSERT ON HR.EMPLOYEES,
|
||||||
|
UPDATE ON HR.EMPLOYEES,
|
||||||
|
ALL ON HR.DEPARTMENTS
|
||||||
|
ROLES DBA, CONNECT;
|
||||||
|
ALTER AUDIT POLICY TABLE_POL
|
||||||
|
DROP PRIVILEGES CREATE ANY TABLE;
|
||||||
|
ALTER AUDIT POLICY DML_POL
|
||||||
|
DROP ACTIONS INSERT ON HR.EMPLOYEES,
|
||||||
|
UPDATE ON HR.EMPLOYEES;
|
||||||
|
ALTER AUDIT POLICY JAVA_POL
|
||||||
|
DROP ROLES JAVA_DEPLOY;
|
||||||
|
ALTER AUDIT POLICY HR_ADMIN_POL
|
||||||
|
DROP PRIVILEGES CREATE ANY TABLE
|
||||||
|
ACTIONS LOCK TABLE
|
||||||
|
ROLES AUDIT_VIEWER;
|
||||||
|
ALTER AUDIT POLICY DP_ACTIONS_POL
|
||||||
|
ADD ACTIONS COMPONENT = DATAPUMP EXPORT
|
||||||
|
DROP ACTIONS COMPONENT = DATAPUMP IMPORT;
|
||||||
|
ALTER AUDIT POLICY ORDER_UPDATES_POL
|
||||||
|
CONDITION DROP;
|
||||||
|
ALTER AUDIT POLICY EMP_UPDATES_POL
|
||||||
|
CONDITION 'UID = 102'
|
||||||
|
EVALUATE PER STATEMENT;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user