New mandatory unified audit policy on 19.26 Recently updated !
This feature was just backported from Oracle 23ai. The new ORA$MANDATORY
audit policy was added with the Oracle 19.26 RU. This policy is not visible at UNIFIED_AUDIT_POLICIES
or AUDIT_UNIFIED_ENABLED_POLICIES
.
After patching the database to 19.26, then you see entries on UNIFIED_AUDIT_TRAIL
:
SYS@CDB2.CDB$ROOT> select EVENT_TIMESTMAP, SYSTEM_PRIVILEGE_USED, ACTION_NAME
from UNIFIED_AUDIT_TRAIL
where UNIFIED_AUDIT_POLICIES='ORA$MANDATORY'
order by EVENT_TIMESTMAP;
EVENT_TIMESTAMP SYSTEM_PRIVILEGE_USED ACTION_NAME
_________________________________ _________________________ _________________
02-FEB-2025 21:54:56.192982000 SYSDBA LOGON
02-FEB-2025 21:54:56.216549000 SYSDBA SELECT
02-FEB-2025 21:55:00.381577000 SYSDBA, ALTER DATABASE ALTER DATABASE
02-FEB-2025 21:55:00.393882000 SYSDBA LOGOFF
...
The actions that are audited by ORA$MANDATORY
policy are described on Oracle 23ai documentation.
What I find interesting, is that the “ALTER DATABASE MOUNT” during startup is audited, so we can have a good history of database startups.
(more…)