About Default Auditing

When you create a new database or modify an existing database, you use the Security Settings window in Database Configuration Assistant (DBCA) to enable or disable its default security settings. This section explains how to start DBCA and enable the default security settings. Oracle recommends that you enable these settings. When these settings are enabled, Oracle Database audits some of the security-relevant SQL statements and privileges. It also sets the AUDIT_TRAIL initialization parameter to DB. If you decide to use a different auditing option, for example, OS if you want to write the audit trail records to operating system files, you can do that: Oracle Database continues to audit the privileges that are audited by default. If you disable auditing by setting the AUDIT_TRAIL parameter to NONE, then no auditing takes place.

Oracle Database audits the AUDIT ROLE SQL statement by default. The privileges that are audited by default are as follows:

Oracle Database also audits all privileges and statements that have the BY ACCESS clause.

If you are concerned that auditing these statements and privileges will adversely affect your applications, you can disable auditing by using Database Configuration Assistant (DBCA). When you modify your applications to use auditing, you can reenable the default auditing of these statements and privileges.

Oracle strongly recommends that you enable auditing by default. Auditing is an effective method of enforcing strong internal controls so that your site can meet its regulatory compliance requirements, as defined in the Sarbanes-Oxley Act. This enables you to monitor business operations and catch any activities that may deviate from company policy. Doing so translates into tightly controlled access to your database and the application software. By enabling auditing by default, you can generate an audit record for audit and compliance personnel.