Wednesday 3 July 2024

Detailed information on the audit policies for SAP HANA tenant databases and the system database. #SAP HANA

Audit policies created in the system database can log certain activities in tenant databases.

In general, audit policies for monitoring and recording activity in a tenant database are created in the tenant database itself, with an audit trail that writes to a local database table. However, certain activities in tenant databases may have a security impact on the system as a whole. These activities can be monitored and recorded from the system database.

A user in the system database with the system privilege DATABASE ADMIN or DATABASE AUDIT ADMIN can create audit policies for a tenant database. The following actions may be audited:

  • Actions related to session management and system configuration:
    • Creation of a user connection to the database
    • Validation of a connecting user's credentials (authentication)
    • Changes to the system configuration (*.ini) files
  • Installation and deletion of licenses
  • All actions related to the management of certificates and certificate collections (PSEs)
  • All actions related to the management of authentication providers
  • All actions related to the management of data encryption and encryption keys

Audit policies created in the system database for a tenant database are visible in the tenant database through the system view AUDIT_POLICIES. The column IS_DATABASE_LOCAL identifies where the audit policy was created, either locally in the tenant database or in the system database. In the system database, it is possible to see all audit policies created in the system database (for both the system database and all tenant databases) through the AUDIT_POLICIES view of the SYS_DATABASES schema.

Administration users in the tenant database cannot change or delete audit policies created in the system database for the tenant database, nor can they access the audit trail. Events audited by these policies are written to the audit trail defined in the system database.

The CREATE AUDIT POLICY statement creates a new audit policy, which monitors when specified audit actions occur. Only database users with the AUDIT ADMIN privilege can create an audit policy. An audit policy name must be unique.

New audit policies are disabled by default and must be enabled before auditing of the specified actions begins. The configuration parameter global_auditing_state must also be set to true.

An audit policy can contain only one of the following:

  • non-restricted auditing for n (>=1) users
  • auditing for actions not restricted to objects
  • auditing for actions that are restricted to objects

For the last two alternatives listed, an optional restriction for user(s) is available.

Audit actions related to tenant databases (such as CREATE/ALTER/DROP/START/STOP DATABASE) can only be specified in the SYSTEMDB of a tenant database system.

Audit Trail Targets

One or more audit trail targets can be specified for an audit policy at the time of creation or after creation. The allowed audit trail targets are:

  • SYSLOG: uses the system syslog.
  • TABLE: stores audit information in a database table. The audit log is accessible using the AUDIT_LOG system view.
  • CSV: stores audit information as comma-separated values in a text file. Use only for testing purposes.

A subset of audit actions is allowed in policies created on SYSTEMDB for a tenant using the FOR <database_name> option. Audit policies created for a tenant on SYSTEMDB cannot be altered or dropped from within that tenant; this must be done on SYSTEMDB.
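As an added example (not part of the original post), the following SQL walks the procedure described above from SYSTEMDB: switching on global_auditing_state, creating a tenant-scoped policy with the FOR clause and a SYSLOG trail, enabling it, and checking it through SYS_DATABASES.AUDIT_POLICIES. The tenant name TD1 and policy name TENANT_SEC_EVENTS are constructed, and the view columns other than IS_DATABASE_LOCAL, as well as the position of the FOR clause in ALTER AUDIT POLICY, are assumed from the standard SQL reference rather than taken from the post.

```sql
-- Run on SYSTEMDB as a user holding DATABASE ADMIN or DATABASE AUDIT ADMIN.
-- Constructed names: tenant TD1, policy TENANT_SEC_EVENTS (both hypothetical).

-- 1. Nothing is audited until global_auditing_state is true
--    (global.ini, section [auditing configuration]).
ALTER SYSTEM ALTER CONFIGURATION ('global.ini', 'SYSTEM')
  SET ('auditing configuration', 'global_auditing_state') = 'true'
  WITH RECONFIGURE;

-- 2. Create the tenant policy. Only the subset of actions listed above is
--    permitted with FOR <database_name>: here session creation, credential
--    validation and *.ini changes. SYSLOG keeps the trail outside the tenant,
--    so a TD1 administrator can neither read nor alter it.
CREATE AUDIT POLICY TENANT_SEC_EVENTS
  AUDITING ALL CONNECT, VALIDATE USER, SYSTEM CONFIGURATION CHANGE
  FOR TD1
  LEVEL CRITICAL
  TRAIL TYPE SYSLOG;

-- 3. Policies are created disabled; enable it, still from SYSTEMDB.
--    (FOR clause placement assumed from the SQL reference.)
ALTER AUDIT POLICY TENANT_SEC_EVENTS FOR TD1 ENABLE;

-- 4. Verify. From SYSTEMDB, SYS_DATABASES.AUDIT_POLICIES lists the policies of
--    every database; IS_DATABASE_LOCAL = 'FALSE' marks a policy that was
--    created in the system database rather than inside the tenant.
--    (DATABASE_NAME and IS_AUDIT_POLICY_ACTIVE are assumed column names.)
SELECT DATABASE_NAME, AUDIT_POLICY_NAME, IS_AUDIT_POLICY_ACTIVE, IS_DATABASE_LOCAL
  FROM SYS_DATABASES.AUDIT_POLICIES
 WHERE DATABASE_NAME = 'TD1';

-- 5. Inside TD1 the policy is visible in AUDIT_POLICIES but read-only; a
--    tenant administrator running the next statement is rejected. Dropping it
--    is only possible on SYSTEMDB with the matching FOR TD1 clause.
-- DROP AUDIT POLICY TENANT_SEC_EVENTS;
```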